PT-2026-31715 · Unknown · Apollo-Mcp-Server

Published: 2026-04-09 · Updated: 2026-04-09 · CVE-2026-35577

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apollo MCP Server versions prior to 1.7.0

Description: The Apollo MCP Server, a Model Context Protocol server exposing GraphQL operations, did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. This could allow a malicious website, visited by a user running the server locally, to bypass same-origin policy restrictions using DNS rebinding techniques and issue requests to the local MCP server. Successful exploitation could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the local user. This issue is limited to HTTP-based StreamableHTTP transport and does not affect servers using stdio transport.

Recommendations: Update to version 1.7.0 or later.
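The underlying defence for this class of bug is a Host-header allowlist: with DNS rebinding the attacker's page reaches the loopback address, but the browser still sends the attacker's own domain in the Host header, so a server that only accepts its own hostnames and bound port refuses the request. The following Rust function is an added illustration of that check and is not Apollo MCP Server's own code or its fix; the function names, the allowlist contents and the "no port means port 80" policy are assumptions made for the example.

```rust
// Added example: Host-header allowlist check for a locally bound HTTP MCP
// transport. Illustrative code, not Apollo MCP Server's implementation;
// the names, the allowlist and the port policy are assumptions.

/// Hostnames a locally bound server accepts in the Host header.
const ALLOWED_HOSTS: &[&str] = &["localhost", "127.0.0.1", "::1"];

/// Split a Host header value into (hostname, optional port).
/// Accepts `host`, `host:port`, `[v6]` and `[v6]:port`; anything else is
/// treated as malformed and yields None.
fn split_host_port(value: &str) -> Option<(&str, Option<u16>)> {
    let value = value.trim();
    if value.is_empty() {
        return None;
    }
    if let Some(rest) = value.strip_prefix('[') {
        // Bracketed IPv6 literal, e.g. "[::1]:5000".
        let end = rest.find(']')?;
        let host = &rest[..end];
        let after = &rest[end + 1..];
        return match after.strip_prefix(':') {
            Some(p) => Some((host, Some(p.parse().ok()?))),
            None if after.is_empty() => Some((host, None)),
            None => None,
        };
    }
    match value.rsplit_once(':') {
        // An unbracketed IPv6 literal would leave a colon in `host`;
        // reject it rather than guess where the port starts.
        Some((host, port)) if !host.contains(':') => Some((host, Some(port.parse().ok()?))),
        Some(_) => None,
        None => Some((value, None)),
    }
}

/// Returns true only when the Host header names this server itself on the
/// port it is bound to. A DNS-rebinding request carries the attacker's
/// hostname (e.g. "attacker.example:5000") even though the connection
/// arrives on loopback, so it fails the allowlist. A missing or malformed
/// header is rejected as well.
pub fn host_header_allowed(host_header: Option<&str>, bound_port: u16) -> bool {
    let Some(raw) = host_header else { return false };
    let Some((host, port)) = split_host_port(raw) else { return false };
    let host = host.to_ascii_lowercase();
    // Assumption for the example: a Host value without a port means the
    // HTTP default port 80.
    let port = port.unwrap_or(80);
    ALLOWED_HOSTS.contains(&host.as_str()) && port == bound_port
}

fn main() {
    // Constructed sample Host values for a server bound to port 5000.
    let bound_port = 5000;
    let samples = [
        Some("localhost:5000"),
        Some("[::1]:5000"),
        Some("attacker.example:5000"), // rebinding-style request: rejected
        Some("localhost:8080"),        // right host, wrong port: rejected
        None,                          // no Host header: rejected
    ];
    for h in samples {
        println!("{:?} -> {}", h, host_header_allowed(h, bound_port));
    }
}
```

Run the check before any MCP message is dispatched, on every request of the HTTP transport (including the stream-opening request), and log rejections with the offending Host value; a burst of rejected requests from a browser on the local machine is the signal a defender would want to see. Servers that deliberately bind to a non-loopback interface would extend the allowlist with the names they are actually served under rather than disable the check.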

Fix

Weakness Enumeration: Origin Validation Error

Related Identifiers: CVE-2026-35577

Affected Products: Apollo-Mcp-Server