PT-2026-29161 · Unknown · Mcp Java Sdk

Srikanthramu · Published 2026-03-30 · Updated 2026-03-31

CVE-2026-34237

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

MCP Java SDK versions prior to 1.0.1
MCP Java SDK versions prior to 1.1.1

Description

The MCP Java SDK contains a hardcoded wildcard Cross-Origin Resource Sharing (CORS) configuration: it sets Access-Control-Allow-Origin to '*'. This permits any origin to read responses cross-origin, which can expose sensitive information such as session IDs delivered over Server-Sent Events (SSE). An attacker-controlled web page can instruct a victim's browser to open a GET request to an internal server endpoint. Because of the wildcard CORS setting, the attacker's page can read the event data, including the session ID, and then use the victim's browser to relay a POST request to that endpoint. The Python SDK does not exhibit this behavior and keeps the browser's default same-origin policy. The vulnerable code is located in HttpServletSseServerTransportProvider.java at line 289 and HttpServletStreamableServerTransportProvider.java at line 525.

Recommendations

For both affected ranges (versions prior to 1.0.1 and versions prior to 1.1.1), server implementers should add a CORS filter at the servlet filter or Spring Security layer to manage cross-origin access.
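One way to apply the recommended servlet-layer CORS filter, as an added example that is not part of the SDK or of this advisory: it assumes the jakarta.servlet API, a constructed allowlist (https://console.example.internal) and the hypothetical class name McpCorsFilter, and shows the wildcard setting the advisory describes beside the allowlisted form.

```java
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;

// Servlet filter that replaces the wildcard CORS policy with an explicit origin
// allowlist. Register it in front of the SSE and message endpoints (web.xml,
// @WebFilter, or Spring's FilterRegistrationBean).
public class McpCorsFilter implements Filter {
    // Constructed example allowlist: the browser-based clients actually permitted
    // to talk to this server. Adjust for your deployment.
    private static final Set<String> ALLOWED_ORIGINS =
            Set.of("https://console.example.internal");

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String origin = request.getHeader("Origin");

        // Same-origin and non-browser clients send no Origin header: pass through.
        if (origin == null) {
            chain.doFilter(req, res);
            return;
        }
        // Weak setting described in the advisory (do not do this):
        //   response.setHeader("Access-Control-Allow-Origin", "*");
        // Hardened form: refuse unknown origins before the transport sees the
        // request, so an untrusted page never gets a readable SSE stream.
        if (!ALLOWED_ORIGINS.contains(origin)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Origin not allowed");
            return;
        }
        // Echo the exact allowlisted origin, never "*", and mark the response
        // as origin-dependent so shared caches do not serve it to other origins.
        // Mcp-Session-Id is the session header of the MCP Streamable HTTP transport.
        response.setHeader("Access-Control-Allow-Origin", origin);
        response.setHeader("Vary", "Origin");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Mcp-Session-Id");

        // Answer the CORS preflight here so it never reaches the MCP transport.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Omitting Access-Control-Allow-Origin entirely would also stop the browser from reading the stream, but rejecting early keeps the server from doing any work on behalf of an untrusted page.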

Related Identifiers

CVE-2026-34237
GHSA-HV2W-8MJJ-JW22

Affected Products

Mcp Java Sdk