Intel

AIKIDO-2026-778115

rmcp is vulnerable to Origin Validation Error

Origin Validation ErrorGHSA-33f5-2c5q-wgwj Published Jul 1, 2026

82

High Risk

This Affects:

RUSTrmcp
0.8.2 - 1.8.0
Fixed in 2.0.0
Are you affected? Scan for Free

TL;DR

The rmcp OAuth client discovers OAuth Protected Resource metadata (RFC 9728) in crates/rmcp/src/transport/auth.rs but does not validate the resource field against the MCP server it is connecting to. A malicious MCP server can return metadata whose resource points at a legitimate server, causing the client to start an OAuth flow with the legitimate authorization server and then send the resulting access token back to the attacker. This enables access token theft and full impersonation of the victim on the legitimate server. The fix adds the resource field to the metadata struct and rejects metadata whose resource does not match the configured server origin.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application uses the rmcp OAuth client to authenticate to MCP servers.

Background info

rmcp is vulnerable to Origin Validation Error in versions 0.8.2 - 1.8.0.

How to fix this

Upgrade the rmcp library to the patch version.