All 3 CVE vulnerabilities found in go-sdk, with AI-generated Chinese analysis, references, and POCs.
Vendor: modelcontextprotocol
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34742 | Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost CWE-1188 | 7.1AI | HighAI | 2026-04-02 |
| CVE-2026-33252 | MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorizatrion CWE-352 | 7.1 | High | 2026-03-23 |
| CVE-2026-27896 | MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity CWE-178 | 9.1AI | CriticalAI | 2026-02-26 |
All 3 known CVE vulnerabilities affecting go-sdk with full Chinese analysis, references, and POCs where available.