Search criteria
2 vulnerabilities found for rust-sdk by modelcontextprotocol
CVE-2026-42559 (GCVE-0-2026-42559)
Vulnerability from nvd – Published: 2026-05-14 14:24 – Updated: 2026-05-14 16:00
VLAI
Title
RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Summary
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim's loopback or private-network interface. This vulnerability is fixed in 1.4.0.
Severity
8.8 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_CONFIRM |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| modelcontextprotocol | rust-sdk |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:00:22.834947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:00:33.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rust-sdk",
"vendor": "modelcontextprotocol",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate\u0027s Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim\u0027s loopback or private-network interface. This vulnerability is fixed in 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-350",
"description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T14:24:56.090Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/security/advisories/GHSA-89vp-x53w-74fx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/security/advisories/GHSA-89vp-x53w-74fx"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/issues/815",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/issues/815"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/issues/822",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/issues/822"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/pull/764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/pull/764"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/commit/8e22aa2de28df5a285eed87c11cd89bf15fa90d3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/commit/8e22aa2de28df5a285eed87c11cd89bf15fa90d3"
}
],
"source": {
"advisory": "GHSA-89vp-x53w-74fx",
"discovery": "UNKNOWN"
},
"title": "RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42559",
"datePublished": "2026-05-14T14:24:56.090Z",
"dateReserved": "2026-04-28T16:56:50.192Z",
"dateUpdated": "2026-05-14T16:00:33.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42559 (GCVE-0-2026-42559)
Vulnerability from cvelistv5 – Published: 2026-05-14 14:24 – Updated: 2026-05-14 16:00
VLAI
Title
RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Summary
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim's loopback or private-network interface. This vulnerability is fixed in 1.4.0.
Severity
8.8 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_CONFIRM |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
| https://github.com/modelcontextprotocol/rust-sdk/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| modelcontextprotocol | rust-sdk |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:00:22.834947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:00:33.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rust-sdk",
"vendor": "modelcontextprotocol",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate\u0027s Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim\u0027s loopback or private-network interface. This vulnerability is fixed in 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-350",
"description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T14:24:56.090Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/security/advisories/GHSA-89vp-x53w-74fx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/security/advisories/GHSA-89vp-x53w-74fx"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/issues/815",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/issues/815"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/issues/822",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/issues/822"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/pull/764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/pull/764"
},
{
"name": "https://github.com/modelcontextprotocol/rust-sdk/commit/8e22aa2de28df5a285eed87c11cd89bf15fa90d3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/rust-sdk/commit/8e22aa2de28df5a285eed87c11cd89bf15fa90d3"
}
],
"source": {
"advisory": "GHSA-89vp-x53w-74fx",
"discovery": "UNKNOWN"
},
"title": "RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42559",
"datePublished": "2026-05-14T14:24:56.090Z",
"dateReserved": "2026-04-28T16:56:50.192Z",
"dateUpdated": "2026-05-14T16:00:33.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}