CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

Permissive Cross-domain Policy with Untrusted Domains

Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the SSE event server process. An attacker can access sensitive live filename streams by opening a cross-origin EventSource connection from a third-party page, allowing unauthoriz...

CVE-2026-46431 Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient ...

PT-2026-42207

Summary The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On...

EUVD-2026-29192

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

Directory Traversal

Overview excel-mcp-server is an Excel MCP Server for manipulating Excel files Affected versions of this package are vulnerable to Directory Traversal via the getexcelpath function. An attacker can read, write, overwrite, and create arbitrary files and directories on the host filesystem by supplyi...

GHSA-XW59-HVM2-8PJ6 DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost

The Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...

CRLF Injection

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized input in the formatEventStreamMessage and formatEventStreamComment functions. An attacker can inject arbitrary Server-Sent Events...

coral-server 安全漏洞

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the connection proxy by SSE endpoints, which could allo...

CVE-2026-29085

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...

CVE-2025-64443 DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

MCP MariaDB Server 安全漏洞

MCP MariaDB Server is an open source server implementation of the Large Language Model Context Protocol for MariaDB. A security vulnerability exists in MCP MariaDB Server version 0.1.0, which stems from a lack of user authentication for the SSE service and could lead to the disclosure of sensitiv...