CVE-2026-34237

Medium CVSS: 6.1

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 1.0.1 and 1.1.1.

Vendor

Lfprojects

Product

Mcp Java Sdk

CWE

CWE-942

Yayın Tarihi

2026-03-31 16:16:32

Güncelleme

2026-04-03 14:29:40

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-942 Mcp Java Sdk MEDIUM Lfprojects 2026

Referanslar

https://github.com/modelcontextprotocol/java-sdk/blob/main/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletSseServerTransportProvider.java#L289 https://github.com/modelcontextprotocol/java-sdk/blob/main/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStreamableServerTransportProvider.java#L525 https://github.com/modelcontextprotocol/java-sdk/security/advisories/GHSA-hv2w-8mjj-jw22

Benzer Kayıtlar

High

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does no…

High

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby S…

Critical

CVE-2025-15031

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar a…

Medium

CVE-2026-29791

Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environmen…

High

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal…

Medium

CVE-2026-21864

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed ke…