3 matches found
CVE-2026-27896 vulnerabilities
Vulnerabilities for packages: datadog-agent, opencost, github-mcp-server, ferretdb, jaeger, flux-operator, osv-scanner, gptscript...
CVE-2026-27896 vulnerabilities
Vulnerabilities for packages: flux-operator, osv-scanner, gitlab-workhorse-ce-fips, github-mcp-server, gptscript, flux-operator-fips, datadog-agent-fips, datadog-agent, jaeger-fips, jaeger, ferretdb, gitlab-workhorse-ce, opencost, opencost-fips...
CVE-2026-27896
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...