CVE-2026-33252
Status: Received - Intake
Cross-Site POST Request Vulnerability in Go MCP SDK

Publication date: 2026-03-24

Last updated on: 2026-04-15

Assigner: GitHub, Inc.

Description
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: lfprojects
Product: mcp_go_sdk
Version / Range: all versions before 1.4.1 (1.4.1 itself is not affected)
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-33252 is a vulnerability in the Go MCP SDK, versions up to and including 1.4.0, in which the SDK's Streamable HTTP transport accepted cross-site POST requests without validating the Origin header and without requiring the Content-Type header to be application/json.

The flaw lets an arbitrary website send MCP requests to a local server, especially in deployments without Authorization or in stateless/sessionless configurations, potentially triggering unauthorized tool execution.

The attack relies on the fact that a POST with Content-Type: text/plain is a CORS "simple request": text/plain is a CORS-safelisted content type, so the browser sends the request, body included, without a preflight. A JSON-RPC message is just text as far as the browser is concerned, so a page on any origin can deliver one to the local address where the MCP server listens. CORS only stops the page from reading the response; by then the server has already processed the request. This is cross-site request forgery (CWE-352).

The issue was fixed in version 1.4.1 by enforcing strict Origin header verification and requiring Content-Type: application/json on POST requests. [1, 2]


How can this vulnerability impact me?

An attacker who controls any website can make the browser of a user who visits it send MCP requests to a local server running the vulnerable SDK, potentially triggering execution of tools without any authorization.

In environments without Authorization, especially stateless or sessionless setups, nothing distinguishes the forged request from a legitimate one, so the server performs the requested action.

The attack requires user interaction (the victim must visit the attacker's page while the MCP server is running) but needs no privileges and no complex attack method.

The impact is high on integrity (unauthorized modification or tool execution) and low on availability, with no confidentiality impact: the browser does not let the attacker's page read the server's response.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection comes down to the two headers the fix checks. A legitimate MCP client (the SDK's own client, curl, an IDE integration) sends Content-Type: application/json and normally no Origin header at all; a browser-originated cross-site request carries an Origin header that is not one of yours and, in the attack the advisory describes, a CORS-safelisted Content-Type such as text/plain instead of application/json.

Specifically, look for POST requests to the MCP endpoint that carry an Origin header whose value is not a trusted origin (or is the literal value null), or a Content-Type other than application/json (text/plain, application/x-www-form-urlencoded, multipart/form-data, or none at all).

Ways to see such requests:

- Capture HTTP POSTs with tcpdump (the filter selects TCP segments that carry payload; replace <port> with the port the MCP server listens on; this only works for plaintext HTTP): tcpdump -i <interface> -A 'tcp port <port> and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -A 10 'POST '
- Test a server's response with curl by sending what a cross-site page would send: curl -X POST http://<server>/ -H 'Origin: https://attacker.example' -H 'Content-Type: text/plain' -d '<test payload>' -v. A vulnerable server processes the body and returns a JSON-RPC response; a patched server refuses the request.
- Check server or reverse-proxy access logs for POST requests with an unexpected Origin header or a Content-Type other than application/json. Most access-log formats do not record these two headers by default, so add them to the log format first. [1, 2]
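The log check in the last item, as an added example that is not part of this page or of the SDK. The log format is an assumption for the example: one line per request with the Origin and Content-Type headers quoted after the status code and "-" standing for an absent header. The sample lines, the allowlisted origin http://127.0.0.1:8080 and the origin https://attacker.example are all constructed. A POST is reported as a confirmed cross-site request when it carries an Origin that is not on the allowlist (including null), and as suspicious when its Content-Type is one a browser can send without a preflight.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one log line that matches the cross-site POST pattern.
type Finding struct {
	Line   string
	Reason string
}

// Constructed sample lines in the assumed access-log format. Real servers
// must be configured to log the Origin and Content-Type headers for this
// check to have anything to work on.
var sampleLog = []string{
	`2026-03-24T10:02:11Z POST /mcp 200 origin="https://attacker.example" content-type="text/plain"`,
	`2026-03-24T10:02:12Z POST /mcp 200 origin="-" content-type="application/json"`,
	`2026-03-24T10:02:15Z POST /mcp 200 origin="http://127.0.0.1:8080" content-type="application/json"`,
	`2026-03-24T10:02:20Z GET /mcp 200 origin="-" content-type="-"`,
	`2026-03-24T10:02:30Z POST /mcp 200 origin="null" content-type="application/x-www-form-urlencoded"`,
	`2026-03-24T10:02:41Z POST /mcp 200 origin="-" content-type="text/plain"`,
}

// timestamp method path status origin="..." content-type="..."
var lineRe = regexp.MustCompile(`^(\S+) (\S+) (\S+) (\d{3}) origin="([^"]*)" content-type="([^"]*)"$`)

// safelisted holds the Content-Type values a browser sends cross-site with
// no CORS preflight; "-" covers a POST with no Content-Type at all.
var safelisted = map[string]bool{
	"text/plain":                        true,
	"multipart/form-data":               true,
	"application/x-www-form-urlencoded": true,
	"-":                                 true,
}

// flagCrossSitePosts returns every POST whose Origin is present but not on
// the allowlist (a cross-site request) or whose Content-Type is one a
// browser can send without a preflight. The two conditions are reported
// separately so an analyst can tell a confirmed cross-site request from a
// merely suspicious one.
func flagCrossSitePosts(lines []string, allowedOrigins []string) []Finding {
	allowed := map[string]bool{}
	for _, o := range allowedOrigins {
		allowed[strings.ToLower(o)] = true
	}
	var out []Finding
	for _, ln := range lines {
		m := lineRe.FindStringSubmatch(ln)
		if m == nil || m[2] != "POST" {
			continue
		}
		origin, ctype := strings.ToLower(m[5]), strings.ToLower(m[6])
		// drop media-type parameters such as "; charset=utf-8"
		if i := strings.Index(ctype, ";"); i >= 0 {
			ctype = strings.TrimSpace(ctype[:i])
		}
		switch {
		case origin != "-" && !allowed[origin]:
			out = append(out, Finding{ln, "cross-site POST: Origin " + m[5] + " not in allowlist"})
		case safelisted[ctype]:
			out = append(out, Finding{ln, "POST with preflight-exempt Content-Type " + m[6]})
		}
	}
	return out
}

func main() {
	for _, f := range flagCrossSitePosts(sampleLog, []string{"http://127.0.0.1:8080"}) {
		fmt.Printf("%s\n    %s\n", f.Reason, f.Line)
	}
}
```

Run against the sample, the scan reports three lines: the text/plain POST from attacker.example and the form POST with Origin null as confirmed cross-site requests, and the Origin-less text/plain POST as suspicious. The JSON POSTs without an Origin, or from the allowlisted origin, and the GET are not reported.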


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade the Go MCP SDK to version 1.4.1 or later. The patched transport verifies the Origin header and requires Content-Type: application/json on POST requests.

If upgrading immediately is not possible, note that the vulnerable versions do not perform these checks themselves, so enforce them in front of the SDK's handler instead, either in your own HTTP middleware or in a reverse proxy, and require Authorization so that a request without valid credentials is rejected before it reaches the transport. Binding the server to 127.0.0.1 does not help on its own: the forged request is sent by the victim's own browser from the same machine.

After upgrading, leave the cross-origin protection at its default (enabled). Disabling it reopens this issue; if a browser-based client genuinely needs to reach the server cross-origin, allow that client's specific origin rather than turning the check off.

- Upgrade the Go MCP SDK to version 1.4.1 or later.
- Ensure the server validates the Origin header on incoming POST requests and rejects values that are not trusted origins (including the literal value null).
- Require Content-Type: application/json for POST requests.
- Implement or enforce Authorization in all deployments, especially stateless or sessionless configurations. [1, 2]
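The following added example shows both the mechanism described in the first answer and the Origin and Content-Type checks the mitigation list calls for; it is not the SDK's code and does not use the SDK's API. mcpStub is an assumed stand-in for the Streamable HTTP handler that only decodes a JSON-RPC message and reports the method it would dispatch; crossSiteGuard is the middleware a deployment could put in front of such a handler. The allowlisted origin http://127.0.0.1:8080, the origin https://attacker.example and the tool name example_tool are constructed for the demonstration. The probe sends the request an attacker's page would make the victim's browser send (cross-site Origin, text/plain so there is no preflight) and shows that the unguarded handler dispatches it while the guarded one refuses it, and that a non-browser client sending application/json with no Origin is still accepted.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// mcpStub stands in for the SDK's Streamable HTTP handler (an assumption for
// this example, not the real SDK code). It decodes a JSON-RPC request and
// reports the method it would dispatch; in a real server this is where a
// tools/call request would execute a tool.
func mcpStub() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, _ := io.ReadAll(r.Body)
		var req struct {
			Method string `json:"method"`
		}
		if err := json.Unmarshal(body, &req); err != nil {
			http.Error(w, "invalid JSON-RPC body", http.StatusBadRequest)
			return
		}
		fmt.Fprintf(w, "dispatched %s\n", req.Method)
	})
}

// originAllowed compares a browser-supplied Origin against an allowlist of
// lower-cased "scheme://host[:port]" values. "null" and malformed values
// fail closed.
func originAllowed(origin string, allowed map[string]bool) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	return allowed[strings.ToLower(u.Scheme+"://"+u.Host)]
}

// crossSiteGuard applies the two checks the advisory describes before the
// wrapped handler sees a POST: a present Origin must be on the allowlist,
// and the body must be declared as application/json.
func crossSiteGuard(allowedOrigins []string, next http.Handler) http.Handler {
	allowed := make(map[string]bool, len(allowedOrigins))
	for _, o := range allowedOrigins {
		allowed[strings.ToLower(o)] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			next.ServeHTTP(w, r)
			return
		}
		// Browsers attach Origin to every cross-site POST; a value that is not
		// on the allowlist is a forged request. No Origin at all means a
		// non-browser client (the SDK client, curl), which passes this check.
		if origin := r.Header.Get("Origin"); origin != "" && !originAllowed(origin, allowed) {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		// text/plain, multipart/form-data and application/x-www-form-urlencoded
		// are CORS-safelisted: a browser sends them cross-site with no preflight.
		// application/json is not, so demanding it forces a preflight that the
		// browser only completes if the server explicitly opts in.
		mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if err != nil || mt != "application/json" {
			http.Error(w, "Content-Type must be application/json", http.StatusUnsupportedMediaType)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one POST with a constructed JSON-RPC tools/call body to h, with
// the given Origin ("" omits the header) and Content-Type, and returns the
// HTTP status. This is the request an attacker's page would cause the
// victim's browser to make against the local server.
func probe(h http.Handler, origin, contentType string) int {
	body := `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"example_tool","arguments":{}}}`
	req := httptest.NewRequest(http.MethodPost, "http://127.0.0.1:8080/mcp", strings.NewReader(body))
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	req.Header.Set("Content-Type", contentType)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	unguarded := mcpStub()
	guarded := crossSiteGuard([]string{"http://127.0.0.1:8080"}, mcpStub())
	fmt.Println("unguarded, attacker origin, text/plain      ->", probe(unguarded, "https://attacker.example", "text/plain"))
	fmt.Println("guarded,   attacker origin, text/plain      ->", probe(guarded, "https://attacker.example", "text/plain"))
	fmt.Println("guarded,   no Origin,       text/plain      ->", probe(guarded, "", "text/plain"))
	fmt.Println("guarded,   no Origin,       application/json ->", probe(guarded, "", "application/json"))
	fmt.Println("guarded,   allowed origin,  application/json ->", probe(guarded, "http://127.0.0.1:8080", "application/json"))
}
```

The Origin check runs first, so a cross-site page cannot get past it by declaring application/json either: a browser would then send a preflight, which this handler never answers, and a non-browser client that forges the header is refused on the Origin value. Authorization is deliberately left out of the example; the advisory's point is that these checks are what stands between an attacker's page and tool execution when there is no Authorization.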

