CVE-2026-33252
Received Received - Intake
Cross-Site POST Request Vulnerability in Go MCP SDK

Publication date: 2026-03-24

Last updated on: 2026-04-15

Assigner: GitHub, Inc.

Description
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33252
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lfprojects mcp_go_sdk to 1.4.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-33252 is a security vulnerability in the Go MCP SDK versions up to 1.4.0 where the SDK's Streamable HTTP transport accepted cross-site POST requests without validating the Origin header and without requiring the Content-Type header to be set to application/json."}, {'type': 'paragraph', 'content': 'This flaw allows arbitrary websites to send MCP requests to a local server, especially in deployments without Authorization or in stateless/sessionless configurations, potentially triggering unauthorized tool execution.'}, {'type': 'paragraph', 'content': 'The vulnerability exploits the fact that POST requests with Content-Type: text/plain are CORS-safelisted and bypass CORS preflight checks, enabling cross-site request forgery (CWE-352).'}, {'type': 'paragraph', 'content': 'The issue was fixed in version 1.4.1 by enforcing strict Origin header verification and requiring Content-Type to be application/json for POST requests.'}] [1, 2]

Impact Analysis

This vulnerability can allow an attacker controlling an arbitrary website to send unauthorized MCP requests to a local server running the vulnerable SDK, potentially triggering execution of tools without proper authorization.

In environments without Authorization, especially stateless or sessionless setups, this can lead to unauthorized actions being performed on the server.

The attack requires user interaction but does not require any privileges or complex attack methods.

The impact includes high integrity risk (unauthorized modification or execution) and low availability impact, with no confidentiality impact.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring HTTP POST requests to the MCP Go SDK server that lack proper Origin header validation or do not have the Content-Type header set to application/json.'}, {'type': 'paragraph', 'content': 'Specifically, you can look for cross-site POST requests with Content-Type values other than application/json, such as text/plain, which are CORS-safelisted and may bypass preflight checks.'}, {'type': 'paragraph', 'content': "Commands to detect such requests might include using network traffic inspection tools like tcpdump or Wireshark to filter HTTP POST requests, or using curl to test the server's response to POST requests without the correct headers."}, {'type': 'list_item', 'content': "Use tcpdump to capture HTTP POST requests: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST'"}, {'type': 'list_item', 'content': "Use curl to test POST request without Content-Type application/json: curl -X POST http://<server>/ -H 'Content-Type: text/plain' -d '<test payload>' -v"}, {'type': 'list_item', 'content': 'Check server logs for POST requests missing the Origin header or with unexpected Content-Type headers.'}] [1, 2]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary immediate mitigation step is to upgrade the Go MCP SDK to version 1.4.1 or later, which includes patches that enforce strict Origin header verification and require the Content-Type header to be application/json for POST requests.'}, {'type': 'paragraph', 'content': "If upgrading immediately is not possible, consider enabling the SDK's cross-origin protection features and ensure that deployments require Authorization to prevent unauthorized requests."}, {'type': 'paragraph', 'content': 'Avoid disabling the cross-origin protection unless absolutely necessary, as it is enabled by default to prevent this vulnerability.'}, {'type': 'list_item', 'content': 'Upgrade the Go MCP SDK to version 1.4.1 or later.'}, {'type': 'list_item', 'content': 'Ensure that the server validates the Origin header on incoming POST requests.'}, {'type': 'list_item', 'content': 'Require the Content-Type header to be application/json for POST requests.'}, {'type': 'list_item', 'content': 'Implement or enforce Authorization mechanisms in deployments, especially in stateless or sessionless configurations.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart