Plateforme
java
Composant
io.modelcontextprotocol.sdk:mcp-core
Corrigé dans
1.0.1
1.0.0
La vulnérabilité DNS rebinding affecte la bibliothèque io.modelcontextprotocol.sdk:mcp-core, en particulier les versions inférieures ou égales à 1.0.0-RC3. Cette faille permet à un attaquant d'exploiter le navigateur d'un utilisateur pour accéder à un serveur MCP local ou réseau, contournant ainsi les mesures de sécurité. L'absence de validation de l'en-tête Origin avant la version 1.0.0 a permis cette exploitation, permettant à l'attaquant d'effectuer des appels d'outils comme s'il s'agissait d'un agent AI local. Une version corrigée, 1.0.0, est désormais disponible.
The core of this vulnerability lies in the lack of Origin header validation prior to version 1.0.0. This omission violates the Model Context Protocol (MCP) specification. An attacker can leverage DNS rebinding to trick a victim's browser into believing it's communicating with a legitimate, locally-trusted MCP server, when in reality, it's connecting to a server controlled by the attacker. This allows the attacker to execute arbitrary tool calls to the MCP server as if they were a locally running AI agent. The potential impact is significant, as an attacker could exfiltrate sensitive data, manipulate system behavior, or even gain a foothold for further attacks within the affected environment. While no direct precedent is cited, the technique shares similarities with other DNS rebinding attacks that have been used to bypass security measures and gain unauthorized access.
CVE-2026-35568 was published on 2026-04-07. The vulnerability is not currently listed on the CISA KEV catalog, and its EPSS score is pending evaluation. No public proof-of-concept (PoC) code has been publicly released as of this writing, but the DNS rebinding technique is well-understood and readily exploitable. Active exploitation campaigns are not currently confirmed, but the ease of exploitation suggests a potential risk.
Organizations deploying applications that utilize the io.modelcontextprotocol.sdk (mcp-core) library, particularly those with network-adjacent deployments or where user browsers have access to both local and remote resources, are at risk. Shared hosting environments where multiple users share the same MCP server are also particularly vulnerable.
• java / server: Monitor application logs for requests with unexpected or missing Origin headers.
grep 'Origin:' /path/to/application.log | sort | uniq -c | sort -nr• generic web: Use curl to test endpoint exposure and examine response headers for the Origin header.
curl -I https://your-mcp-server/api/endpoint• generic web: Check access/error logs for unusual patterns related to DNS resolution and requests from unexpected IP addresses.
disclosure
Statut de l'Exploit
EPSS
0.03% (percentile 7%)
CISA SSVC
The primary mitigation for CVE-2026-35568 is to immediately upgrade to version 1.0.0 of the io.modelcontextprotocol.sdk (mcp-core). This version includes the necessary Origin header validation to prevent DNS rebinding attacks. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy with rules to strictly validate the Origin header and block requests with unexpected or invalid values. Additionally, review your network configuration to ensure that MCP servers are not exposed to untrusted networks. There are no specific Sigma or YARA rules available at this time, but monitoring for unusual Origin header values in your logs is recommended.
Actualice a la versión 1.0.0 o superior del MCP Java SDK para mitigar la vulnerabilidad de reencuadre de DNS. Esta actualización corrige el problema al validar correctamente las direcciones IP y evitar el acceso no autorizado a los servidores MCP.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-35568 is a HIGH severity DNS rebinding vulnerability affecting the io.modelcontextprotocol.sdk (mcp-core) library, allowing attackers to access MCP servers through a victim's browser.
You are affected if you are using io.modelcontextprotocol.sdk versions 1.0.0-RC3 or earlier.
Upgrade to version 1.0.0 of io.modelcontextprotocol.sdk. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
Active exploitation campaigns are not currently confirmed, but the vulnerability is considered readily exploitable.
Refer to the Model Context Protocol specification and related documentation for details: https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#security-warnin
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier pom.xml et nous te dirons instantanément si tu es affecté.