CVE-2025-66414
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-02

Last updated on: 2026-03-10

Assigner: GitHub, Inc.

Description
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled enableDnsRebindingProtection, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.24.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-02
Last Modified
2026-03-10
Generated
2026-05-07
AI Q&A
2025-12-02
EPSS Evaluated
2026-05-05
NVD
CVE-2025-66414
EUVD
EUVD-2025-200274
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lfprojects mcp_typescript_sdk to 1.24.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the MCP TypeScript SDK prior to version 1.24.0, where DNS rebinding protection is not enabled by default for HTTP-based servers. If an HTTP-based MCP server is run locally without authentication using certain transports (StreamableHTTPServerTransport or SSEServerTransport) and without enabling DNS rebinding protection, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions. This allows the attacker to send requests to the local MCP server and potentially invoke tools or access resources on behalf of the user under these limited conditions.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to bypass browser same-origin policy restrictions via DNS rebinding when a local MCP HTTP server is running without authentication and without DNS rebinding protection enabled. This could enable the attacker to send unauthorized requests to the local MCP server, potentially invoking tools or accessing resources exposed by the server on behalf of the user, leading to unauthorized actions or data exposure.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the MCP TypeScript SDK to version 1.24.0 or later where DNS rebinding protection is enabled by default. Additionally, avoid running HTTP-based MCP servers locally without authentication, and ensure that enableDnsRebindingProtection is enabled if using StreamableHTTPServerTransport or SSEServerTransport.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart