Intel

AIKIDO-2026-49493

rmcp is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)GHSA-9pj6-vhgr-3mwh Published Jul 1, 2026

75

High Risk

This Affects:

RUSTrmcp
0.2.0 - 1.8.0
Fixed in 2.0.0
Are you affected? Scan for Free

TL;DR

The Streamable HTTP server transport in crates/rmcp/src/transport/streamable_http_server/tower.rs allocates a session via create_session before it validates the request body in handle_post. An unauthenticated remote attacker can send a well-formed JSON-RPC POST that is not an InitializeRequest, which triggers an early return without calling close_session, permanently leaking one LocalSessionHandle entry per request from the in-memory session table. Sustained requests grow memory without bound and eventually exhaust the server, causing denial of service. The fix moves request validation before session creation so non-initialize requests are rejected without allocating session state.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application runs the rmcp Streamable HTTP server transport.

Background info

rmcp is vulnerable to Denial of Service (DoS) in versions 0.2.0 - 1.8.0.

How to fix this

Upgrade the rmcp library to the patch version.