Description
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victim's browser that is either local or network-adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP-connected AI agent. This vulnerability is fixed in 1.0.0.
Published: 2026-04-07
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The MCP Java SDK contains a DNS rebinding flaw that lets an attacker trick a victim's browser into communicating with a local or network-private MCP server. By rebinding an attacker-controlled domain name to the server's internal address, a page from that domain running in the victim's browser can issue tool calls that normally require trust, effectively acting as if the attacker were a bona fide local agent. This lets the attacker invoke any tool exposed by the MCP server, risking arbitrary code execution and data leakage. The weakness is classified as CWE-346 (Origin Validation Error): the server does not verify that a request really comes from a trusted origin.

Affected Systems

The vulnerability affects the Model Context Protocol Java SDK, specifically versions older than 1.0.0. System administrators using these versions should verify that the application runs on a protected network and is not accessible from untrusted browsers. Note that, as the description states, the server is reached through a browser on the same host or network, so binding to loopback alone does not prevent the attack.

Risk and Exploitability

The CVSS base score of 7.6 indicates high severity, but the EPSS score of less than 1% shows a low probability of exploitation in the wild. The flaw is not yet listed in the CISA KEV catalog. Exploitation requires an attacker to host a malicious site and convince a victim with network proximity to visit it, making the attack vector a web-based DNS rebinding scenario.

Generated by OpenCVE AI on April 14, 2026 at 20:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the MCP Java SDK to version 1.0.0 or later.
  • Ensure that the MCP server is not reachable from untrusted networks or browsers.
  • Restrict DNS resolution to internal hosts and block DNS rebinding techniques at the network level.

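As an added illustration, not code from the MCP Java SDK or from OpenCVE, of the kind of check that closes this class of bug: a loopback-bound HTTP server can reject any request whose Host header does not name the server itself, because a DNS-rebinding page in the victim's browser still sends the attacker's domain in that header. The class name and the allowlisted names below are assumptions for the example.

```java
import java.util.Locale;
import java.util.Set;

/**
 * Added example (not SDK code): a Host-header allowlist of the kind used to
 * defeat DNS rebinding against a loopback-bound MCP HTTP server. A rebinding
 * page still sends the attacker's domain in Host, so a server that only
 * answers to its own names rejects it before any tool call is dispatched.
 */
public final class HostHeaderGuard {

    /** Names this server is willing to answer to (assumed deployment values). */
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("localhost", "127.0.0.1", "[::1]");

    private HostHeaderGuard() {}

    /**
     * Returns true only when the Host header names this server itself.
     * A missing or blank header is rejected. The port is ignored because
     * rebinding changes the name the browser connected to, not the port.
     */
    public static boolean isTrustedHost(String hostHeader) {
        if (hostHeader == null || hostHeader.isBlank()) {
            return false;
        }
        String host = hostHeader.trim().toLowerCase(Locale.ROOT);
        // Strip an optional port from either "[::1]:8080" or "localhost:8080".
        int portSep = host.startsWith("[") ? host.indexOf("]:") : host.lastIndexOf(':');
        if (portSep > 0) {
            host = host.startsWith("[") ? host.substring(0, portSep + 1)
                                        : host.substring(0, portSep);
        }
        // Exact match only: suffix or wildcard matching would let
        // "localhost.attacker.example" through.
        return ALLOWED_HOSTS.contains(host);
    }

    // Constructed sample Host headers: a local client and a rebinding domain.
    public static void main(String[] args) {
        for (String h : new String[] {"localhost:8080", "[::1]:8080",
                                      "attacker.example:8080", null}) {
            System.out.println(h + " -> " + isTrustedHost(h));
        }
    }
}
```

A server that also listens on a LAN address adds its own hostname or address to the allowlist; anything broader than exact names defeats the purpose of the check.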


Advisories
Source: Github GHSA
ID: GHSA-8jxr-pr72-r468
Title: Java-SDK has a DNS Rebinding Vulnerability
History

Tue, 14 Apr 2026 19:45:00 +0000

Type / Values Removed / Values Added
First Time appeared: added Lfprojects; Lfprojects mcp Java Sdk
CPEs: added cpe:2.3:a:lfprojects:mcp_java_sdk:*:*:*:*:*:*:*:*
Vendors & Products: added Lfprojects; Lfprojects mcp Java Sdk
Metrics: added cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}


Thu, 09 Apr 2026 08:30:00 +0000

Type / Values Removed / Values Added
First Time appeared: added Modelcontextprotocol; Modelcontextprotocol java-sdk
Vendors & Products: added Modelcontextprotocol; Modelcontextprotocol java-sdk

Wed, 08 Apr 2026 16:15:00 +0000

Type / Values Removed / Values Added
Metrics: added ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 21:30:00 +0000

Type / Values Removed / Values Added
Description: added MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP connected AI agent. This vulnerability is fixed in 1.0.0.
Title: added MCP Java-SDK has a DNS Rebinding Vulnerability
Weaknesses: added CWE-346
References: added (values not shown)
Metrics: added cvssV4_0 {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-08T15:43:22.962Z

Reserved: 2026-04-03T20:09:02.826Z

Link: CVE-2026-35568

Vulnrichment

Updated: 2026-04-08T15:43:17.026Z

NVD

Status : Analyzed

Published: 2026-04-07T22:16:23.433

Modified: 2026-04-14T19:31:16.197

Link: CVE-2026-35568

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:15:11Z

Weaknesses