Lucene search
K

405 matches found

ptsecurity
ptsecurity
added 2026/04/09 12:0 a.m.9 views

PT-2026-31715

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00182EPSS
Exploits0References4
snyk
snyk
added 2026/04/08 9:10 p.m.7 views

Arbitrary Command Injection

Overview @idachev/mcp-javadc is a Model Context Protocol MCP server for Java decompilation Affected versions of this package are vulnerable to Arbitrary Command Injection via the HTTP Interface component when processing the jarFilePath argument. An attacker can execute arbitrary operating system...

7.5CVSS6.1AI score0.01651EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.10 views

PT-2026-31451

FrontMCP is a TypeScript-first framework for the Model Context Protocol MCP. Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...

7.5CVSS5.9AI score0.00319EPSS
Exploits1References3
packetstormnews
packetstormnews
added 2026/04/08 12:0 a.m.13 views

MCP-DPT: A Defense-Placement Taxonomy and Coverage Analysis for Model Context Protocol Security

The Model Context Protocol MCP enables large language models LLMs to dynamically discover and invoke third-party tools, significantly expanding agent capabilities while introducing a distinct security landscape. Unlike prompt-only interactions, MCP exposes pre-execution artifacts, shared context,...

5.5AI score
Exploits0
nvd
nvd
added 2026/04/07 10:16 p.m.5 views

CVE-2026-35568

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

7.6CVSS0.00136EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/07 9:6 p.m.3 views

CVE-2026-35568 MCP Java-SDK has a DNS Rebinding Vulnerability

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

7.6CVSS5.9AI score0.00136EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/07 9:6 p.m.4 views

CVE-2026-35568

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

5.9AI score0.00136EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/04/07 9:6 p.m.21 views

CVE-2026-35568

The CVE-2026-35568 entry corresponds to a DNS rebinding vulnerability in the MCP Java SDK (official Java SDK for Model Context Protocol servers/clients). Prior to version 1.0.0, the java-sdk did not validate the Origin header, enabling an attacker-controlled webpage on local or adjacent networks ...

7.6CVSS5.9AI score0.00136EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/04/07 9:6 p.m.21 views

CVE-2026-35568 MCP Java-SDK has a DNS Rebinding Vulnerability

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

7.6CVSS0.00136EPSS
Exploits0References2
osv
osv
added 2026/04/07 8:13 p.m.3 views

GHSA-8JXR-PR72-R468 Java-SDK has a DNS Rebinding Vulnerability

Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they wer...

7.6CVSS5.8AI score0.00136EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2026/04/07 8:13 p.m.7 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +504 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=1.0.0-RC3)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: OSV:GHSA-8JXR-PR72-R468...

7.6CVSS5.7AI score0.00136EPSS
Exploits0
github
github
added 2026/04/07 8:13 p.m.10 views

Java-SDK has a DNS Rebinding Vulnerability

Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they wer...

7.6CVSS5.9AI score0.00136EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/04/07 12:0 a.m.7 views

PT-2026-31030

Name of the Vulnerable Software and Affected Versions MCP Java SDK versions prior to 1.0.0 Description The MCP Java SDK contains a DNS rebinding vulnerability. This allows an attacker to access a locally or network-private MCP server via a victim's browser. An attacker can then make any tool call...

7.6CVSS5.8AI score0.00136EPSS
Exploits0References6
packetstormnews
packetstormnews
added 2026/04/07 12:0 a.m.8 views

LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations

Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation. Challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...

5.9AI score
Exploits0
susecve
susecve
added 2026/04/06 11:24 p.m.7 views

SUSE CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS5.8AI score0.38477EPSS
Exploits4References3
cvelist
cvelist
added 2026/04/03 3:30 p.m.29 views

CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

6.5CVSS0.00206EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/03 3:30 p.m.2 views

CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/03 12:0 a.m.14 views

PT-2026-30189

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/04/02 11:25 p.m.4 views

CVE-2026-34742

A flaw was found in the Model Context Protocol MCP Go SDK. When an HTTP-based MCP server is run on localhost without authentication, a malicious website can exploit a DNS rebinding vulnerability. This allows the attacker to bypass same-origin policy restrictions and send requests to the local MCP...

8.1CVSS5.8AI score0.00455EPSS
Exploits0References7
nvd
nvd
added 2026/04/02 7:21 p.m.13 views

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

8.1CVSS0.00455EPSS
Exploits0References8
Rows per page
Query Builder