2450542 – (CVE-2026-33252) CVE-2026-33252 encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery

Bug 2450542 (CVE-2026-33252) - CVE-2026-33252 encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery

Summary: CVE-2026-33252 encoding/json: golang: github.com/modelcontextprotocol/go-sdk:...

Keywords:
Status:	NEW
Alias:	CVE-2026-33252
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2450665 2450666 2450667 2450668
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-24 00:01 UTC by OSIDB Bzimport
Modified:	2026-03-24 09:39 UTC (History)
CC List:	24 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-24 00:01:52 UTC

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue.

Note You need to log in before you can comment on or make changes to this bug.

anpicker
bparees
dfreiber
dhanak
drosa
drow
dsimansk
hasun
jburrell
jfula
jkoehler
jowilson
kingland
kverlaen
lphiri
mnovotny
nyancey
ometelka
ptisnovs
sausingh
sdawley
syedriko
vkumar
xdharmai