CVE-2026-28798

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...

CVE-2026-34742

A flaw was found in the Model Context Protocol MCP Go SDK. When an HTTP-based MCP server is run on localhost without authentication, a malicious website can exploit a DNS rebinding vulnerability. This allows the attacker to bypass same-origin policy restrictions and send requests to the local MCP...

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

CVE-2026-34742 Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

CVE-2026-34742 Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

CVE-2026-34742

The CVE-2026-34742 entry concerns the Model Context Protocol (MCP) Go SDK. Prior to version 1.4.0, an HTTP-based MCP server running on localhost without authentication did not enable DNS rebinding protection by default, allowing a malicious website to bypass same-origin policy and send requests t...

CVE-2026-34526

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This...

CVE-2026-34526 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This...

CVE-2026-34526

Summary of CVE-2026-34526 (SillyTavern) : An incomplete IP validation in the /api/search/visit flow enables SSRF against internal hosts in versions prior to 1.17.0. The root cause is a hostname check in src/endpoints/search.js that uses the regex /^?\d+.\d+.\d+.\d+$/ to match only literal dotted-...

CVE-2026-34526 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This...

GHSA-WM7J-M6JM-8797 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

Details Distinct from CVE-2025-59159 and CVE-2026-26286 all fixed in v1.16.0. This endpoint is still unpatched. In src/endpoints/search.js line 419, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This only matches literal dotted-quad IPv4 e.g. 127.0.0.1, 10.0.0.1. It does not catch: -...

SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

Details Distinct from CVE-2025-59159 and CVE-2026-26286 all fixed in v1.16.0. This endpoint is still unpatched. In src/endpoints/search.js line 419, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This only matches literal dotted-quad IPv4 e.g. 127.0.0.1, 10.0.0.1. It does not catch: -...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

GHSA-XW59-HVM2-8PJ6 DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost

The Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...

DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost

The Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...

UBUNTU-CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

CVE-2026-33990

Docker Model Runner (DMR) is affected by an SSRF in the OCI registry token exchange flow prior to version 1.1.25. When pulling a model, DMR uses the realm URL from the registry’s WWW-Authenticate header without validating the scheme, hostname, or IP range, allowing a malicious OCI registry to dir...

EUVD-2026-17963

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...