3 matches found
icarus (>=0.2.0 <=0.5.8), icarus-core (>=0.1.0 <=0.5.8) +9 more potentially affected by CVE-2026-42559 via rmcp (>=0.1.1 <=0.6.4)
rmcp CARGO version: =0.1.1, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.1
Source CVEs: CVE-2026-42559
Source advisory: OSV:GHSA-89VP-X53W-74FX...
DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send requests to an MCP server running on the victim's loopback or private-network interface. An attacker wh...
RUSTSEC-2026-0189 DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send requests to an MCP server running on the victim's loopback or private-network interface. An attacker wh...