github.com/modelcontextprotocol/go-sdkにおける認証なしHTTPサーバーのCross-Site Tool Execution

The primary impact of CVE-2026-33252 is the potential for unauthorized tool execution. An attacker can leverage a malicious website to send crafted POST requests to a vulnerable ModelContextProtocol Go SDK endpoint. Because the SDK did not properly validate the Origin header, these requests bypass expected security controls. In deployments lacking authorization mechanisms, such as stateless or sessionless configurations, this vulnerability is particularly dangerous. The attacker could potentially trigger actions that compromise data integrity or system availability, depending on the functionality exposed by the SDK and the tools it interacts with. This is similar to other CSRF vulnerabilities where an attacker can trick a user into performing actions they did not intend to.

1. 予約済み2026-03-18
2. 公開日2026-03-19
3. 更新日2026-03-25
4. EPSS 更新日2026-03-31

The primary mitigation for CVE-2026-33252 is to upgrade the ModelContextProtocol Go SDK to version 1.4.1 or later. This version includes the necessary fixes to properly validate the Origin header and prevent unauthorized requests. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter out requests with suspicious Origin headers. Additionally, ensure that all deployments require authentication and authorization for sensitive endpoints to limit the potential impact of this vulnerability. After upgrading, confirm the fix by attempting to send a cross-origin POST request to a vulnerable endpoint and verifying that it is rejected.