Lucene search
K

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

🗓️ 26 Feb 2026 00:47:46Reported by GitHub_MType 
cvelist
 cvelist
🔗 www.cve.org👁 25 Views

CVE-2026-27896: MCP Go SDK accepted mixed-case JSON fields before 1.3.1; update to v1.3.1.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-27896
26 Feb 202600:47
attackerkb
BDU FSTEC
The vulnerability of the json.Unmarshal() function in the JSON-RPC protocol implementation of the MCP Go SDK allows attackers to bypass existing security mechanisms.
2 Mar 202600:00
bdu_fstec
Chainguard
CVE-2026-27896 vulnerabilities
27 Feb 202619:17
cgr
Circl
CVE-2026-27896
26 Feb 202602:20
circl
CNNVD
MCP Go SDK 安全漏洞
26 Feb 202600:00
cnnvd
CVE
CVE-2026-27896
26 Feb 202600:47
cve
EUVD
EUVD-2026-8792
26 Feb 202622:20
euvd
Github Security Blog
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
26 Feb 202622:20
github
NVD
CVE-2026-27896
26 Feb 202601:16
nvd
OSV
CGA-VFRX-695V-7WQ5
28 Feb 202605:29
osv
Rows per page
[
  {
    "vendor": "modelcontextprotocol",
    "product": "go-sdk",
    "versions": [
      {
        "version": "< 1.3.1",
        "status": "affected"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation