Intel

AIKIDO-2026-106117

mcp is vulnerable to Origin Validation Error

Origin Validation ErrorGHSA-rjr6-rcgv-9m7m Published Today

53

Medium Risk

This Affects:

RUBYmcp
0.1.0 - 0.22.0
Fixed in 0.23.0
Are you affected? Scan for Free

TL;DR

The MCP::Server::Transports::StreamableHTTPTransport processes JSON-RPC requests without inspecting the HTTP Host or Origin headers, and ships no allowlist or DNS-rebinding guard. A local MCP server bound to a loopback or LAN port can therefore be driven cross-origin by any web page the victim visits through a DNS-rebinding attack, letting the page create a session and invoke exposed tools. This can disclose local data such as files, secrets, or command output to an attacker origin. The fix validates Host and Origin headers against an allowlist and rejects disallowed requests with HTTP 403.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and expose the Streamable HTTP transport over a local or network-reachable HTTP port.

Background info

mcp is vulnerable to Origin Validation Error in versions 0.1.0 - 0.22.0.

How to fix this

Upgrade the mcp library to the patch version.