CVE-2025-9611 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS r…
High CVSS: 7.2

CVE-2025-9611

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.
Vendor
-
Product
-
CWE
CWE-749
Yayın Tarihi
2026-01-07 12:17:06
Güncelleme
2026-01-08 18:08:54
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-749 HIGH 2026

Referanslar

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-8rgw-6xp9-2fg3 https://github.com/microsoft/playwright/commit/1313fbd https://www.vulncheck.com/advisories/microsoft-playwright-mcp-server-dns-rebinding-via-missing-origin-header-validation