3 matches found
CVE-2026-27896 vulnerabilities
Vulnerabilities for packages: gptscript, jaeger, ferretdb, flux-operator, datadog-agent, opencost, osv-scanner, github-mcp-server...
CVE-2026-27896 vulnerabilities
Vulnerabilities for packages: jaeger, ferretdb, gitlab-workhorse-ce-fips, opencost-fips, osv-scanner, opencost, gptscript, datadog-agent, flux-operator-fips, gitlab-workhorse-ce, jaeger-fips, github-mcp-server, datadog-agent-fips, flux-operator...
CVE-2026-27896
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...