MCP Java-SDK has a DNS Rebinding Vulnerability

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP connected AI agent. This vulnerability is fixed in 1.0.0.

N/A

源验证错误

MCP Java SDK 访问控制错误漏洞

MCP Java SDK是Model Context Protocol开源的一个用于Java应用集成AI模型与工具的标准协议SDK。 MCP Java SDK 1.0.0之前版本存在访问控制错误漏洞，该漏洞源于DNS重绑定漏洞，可能导致攻击者通过受害者的浏览器访问本地或网络私有的MCP服务器，从而执行任意工具调用。

N/A

N/A