PT-2026-31030 · Unknown · Mcp Java Sdk
Jlleitschuh · Published 2026-04-07 · Updated 2026-04-08 · CVE-2026-35568
CVSS v4.0: 7.6 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: MCP Java SDK versions prior to 1.0.0

Description: The MCP Java SDK contains a DNS rebinding vulnerability. It allows an attacker to reach a locally bound or network-private MCP server through a victim's browser and then issue any tool call to that server as if the call came from a locally running AI agent. The vulnerability exists because the SDK performed no Origin header validation, which the Model Context Protocol (MCP) specification requires. When the web server that fronts the MCP server's HTTP endpoint does not apply standard CORS checks either, a DNS rebinding attack becomes possible.

Recommendations: Update to version 1.0.0 or later. As a workaround, run the MCP server behind a reverse proxy configured to strictly validate the Host and Origin headers. Alternatively, use a framework that inherently enforces strict CORS and Origin validation.
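The Host and Origin validation that the recommendation above describes, written here as an added Java example; it is not code from the MCP Java SDK or from the 1.0.0 fix. The class name, the allowlist of hostnames and the sample header values are assumptions made for the demonstration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example, not MCP Java SDK code: an allowlist check for the Host and
// Origin headers of an HTTP request to a locally bound MCP server. The
// allowlist, header values and method names here are assumptions for the demo.
public final class OriginHostGuard {

    private final Set<String> allowedHosts;

    // allowedHosts: hostnames the server is legitimately addressed by,
    // lowercase, without port (e.g. "localhost", "127.0.0.1", "[::1]").
    public OriginHostGuard(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    // A request is accepted only if both headers pass. In a DNS rebinding
    // attack the browser has resolved the attacker's name to 127.0.0.1, so
    // both Host and Origin carry the attacker's domain and both checks fail.
    public boolean requestAllowed(String hostHeader, String originHeader) {
        return hostAllowed(hostHeader) && originAllowed(originHeader);
    }

    // Host is mandatory in HTTP/1.1; reject if missing, malformed or not allowlisted.
    public boolean hostAllowed(String hostHeader) {
        if (hostHeader == null || hostHeader.isBlank()) return false;
        String host = stripPort(hostHeader.trim()).toLowerCase(Locale.ROOT);
        return allowedHosts.contains(host);
    }

    // Browsers send Origin on every cross-origin request, which is the only
    // path a rebinding attack can take. A missing Origin therefore indicates a
    // non-browser client (such as a local agent) and is accepted; "null" and
    // unparsable values are rejected.
    public boolean originAllowed(String originHeader) {
        if (originHeader == null) return true;
        String origin = originHeader.trim();
        if (origin.isEmpty() || origin.equalsIgnoreCase("null")) return false;
        try {
            URI uri = new URI(origin);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null) return false;
            String s = scheme.toLowerCase(Locale.ROOT);
            if (!s.equals("http") && !s.equals("https")) return false;
            return allowedHosts.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // "localhost:3001" -> "localhost"; "[::1]:3001" -> "[::1]".
    static String stripPort(String hostPort) {
        if (hostPort.startsWith("[")) {
            int end = hostPort.indexOf(']');
            return end < 0 ? hostPort : hostPort.substring(0, end + 1);
        }
        int colon = hostPort.indexOf(':');
        return colon < 0 ? hostPort : hostPort.substring(0, colon);
    }

    public static void main(String[] args) {
        OriginHostGuard guard = new OriginHostGuard(Set.of("localhost", "127.0.0.1", "[::1]"));

        // Constructed sample header pairs: {Host, Origin}; "attacker.example" is a placeholder name.
        String[][] samples = {
            {"localhost:3001", null},                                   // local agent, no browser -> accept
            {"localhost:3001", "http://localhost:3001"},                // same-origin browser client -> accept
            {"attacker.example:3001", "http://attacker.example:3001"},  // rebound name now points at 127.0.0.1 -> reject
            {"127.0.0.1:3001", "http://attacker.example"},              // Host looks local, Origin still foreign -> reject
            {"localhost:3001", "null"},                                 // opaque origin (sandboxed frame) -> reject
        };
        for (String[] s : samples) {
            System.out.printf("Host=%-26s Origin=%-30s -> %s%n",
                s[0], s[1], guard.requestAllowed(s[0], s[1]) ? "accept" : "reject (403)");
        }
    }
}
```

In a deployment this check belongs in a servlet filter or reverse-proxy rule in front of the MCP endpoint, returning 403 before any tool call is dispatched. The allowlist compares hostnames only, so the same guard covers any port the server is bound to; if the server is reachable under an internal DNS name, that name must be added to the allowlist, otherwise legitimate clients are rejected along with rebound ones.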

Weakness Enumeration: Origin Validation Error

Related Identifiers: CVE-2026-35568, GHSA-8JXR-PR72-R468

Affected Products: Mcp Java Sdk