CVE-2026-35568
Received Received - Intake
DNS Rebinding in MCP Java SDK Allows Unauthorized Local Access

Publication date: 2026-04-07

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP connected AI agent. This vulnerability is fixed in 1.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35568
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lfprojects mcp_java_sdk to 1.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the MCP Java SDK versions prior to 1.0.0 and is a DNS rebinding vulnerability.

It allows an attacker to access a locally or network-private MCP server through a victim's browser that is either local or on the same network.

This means the attacker can make any tool call to the MCP server as if they were a locally running MCP connected AI agent.

The vulnerability is fixed in version 1.0.0 of the MCP Java SDK.

Impact Analysis

This vulnerability can allow an attacker to remotely interact with the MCP Java SDK server as if they were a trusted local AI agent.

Such unauthorized access could lead to unauthorized commands being executed on the server, potentially compromising the integrity and confidentiality of the system.

Because the attacker can make any tool call, this could lead to data exposure, manipulation, or disruption of services provided by the MCP server.

Mitigation Strategies

The vulnerability is fixed in MCP Java SDK version 1.0.0. Immediate mitigation involves upgrading the java-sdk to version 1.0.0 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart