Description
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.
Published: 2026-02-26
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Protocol validation bypass leading to unauthorized behavior
Action: Patch
AI Analysis

Impact

The vulnerability arises from the Go MCP SDK's use of Go's standard encoding/json.Unmarshal for parsing JSON-RPC and MCP protocol messages in versions before 1.3.1. Unlike the JSON-RPC 2.0 specification, which requires exact matching of field names, this unmarshal routine matches keys case-insensitively. As a result, a field tagged json:"method" would also match "Method", "METHOD", or any other casing variant. An attacker able to control the content of a remote MCP peer could send protocol messages that use non-standard casing. The SDK would accept these values silently, potentially bypassing intermediary inspection and exposing inconsistencies between implementations. The outcome could be unauthorized manipulation of protocol behavior or the execution of unintended actions, depending on how the application uses the parsed data. The issue is reflected by CWE-178 (Improper Validation of Arguments) and CWE-436 (Improper Treatment of Input).

Affected Systems

Users employing the MCP Go SDK prior to version 1.3.1 are affected. The affected product is the modelcontextprotocol go-sdk, also known as lfprojects:mcp_go_sdk. Any deployment that relies on this SDK for handling MCP protocol or JSON-RPC messages must upgrade to version 1.3.1 or later to receive the case-sensitive JSON decoder that was introduced in commit 7b8d81c.

Risk and Exploitability

The CVSS v3.1 score for this flaw is 7.0, indicating a high severity. The EPSS score is below 1%, showing that the probability of public exploitation at this time is very low. The vulnerability is not listed in the CISA KEV catalog. The likely attack path involves a malicious MCP peer that sends JSON-RPC messages with improperly cased field names. Since the untrusted peer input is parsed without strict field name validation, an attacker can trigger the SDK to treat these messages as valid, bypassing checks that would normally reject them. The impact is confined to systems that use the affected SDK version and accept connections from such peers; however, the non-compliant behavior can lead to unpredictable application behavior, data corruption, or other unintended effects.

Generated by OpenCVE AI on April 17, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch by updating the MCP Go SDK to version 1.3.1 or later, which introduces a case-sensitive JSON decoder.
  • After updating, enforce strict validation of all received JSON-RPC messages and log any use of non-standard field casing for audit purposes.
  • Limit the SDK’s exposure by restricting its use to trusted MCP peers and, where feasible, perform peer authentication before accepting protocol traffic.

Generated by OpenCVE AI on April 17, 2026 at 14:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-wvj2-96wp-fq3f MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
History

Tue, 14 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Lfprojects
Lfprojects mcp Go Sdk
CPEs cpe:2.3:a:lfprojects:mcp_go_sdk:*:*:*:*:*:*:*:*
Vendors & Products Lfprojects
Lfprojects mcp Go Sdk
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Sat, 28 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

threat_severity

Important

Fri, 27 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Modelcontextprotocol
Modelcontextprotocol go-sdk
Vendors & Products Modelcontextprotocol
Modelcontextprotocol go-sdk

Thu, 26 Feb 2026 01:00:00 +0000

Type Values Removed Values Added
Description The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.
Title MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
Weaknesses CWE-178
CWE-436
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}

Subscriptions

Lfprojects Mcp Go Sdk
Modelcontextprotocol Go-sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T17:06:41.150Z

Reserved: 2026-02-24T15:19:29.717Z

Link: CVE-2026-27896

cve-icon Vulnrichment

Updated: 2026-02-26T17:06:34.996Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-26T01:16:25.630

Modified: 2026-04-14T00:40:00.510

Link: CVE-2026-27896

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-26T00:47:46Z

Links: CVE-2026-27896 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:45:21Z

Weaknesses