CVE-2026-33252 in go-sdk

Summary

by MITRE • 03/24/2026

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue.


Analysis

by VulDB Data Team • 03/28/2026

The vulnerability described in CVE-2026-33252 is a critical security flaw in the Go MCP SDK that stems from improper validation of incoming HTTP requests. It affects versions prior to 1.4.1 and manifests in the Streamable HTTP transport component, which accepts browser-generated cross-site POST requests. The flaw occurs because the SDK fails to enforce origin validation and content-type checking, creating a pathway for malicious actors to exploit the system through unauthorized request injection.

At the implementation level, the SDK decodes incoming requests with the Go standard library's encoding/json package without adequate security controls around that step. When the SDK processes an HTTP POST request, it neither validates the Origin header that browsers automatically attach to cross-site requests nor requires the Content-Type header to be application/json. This absence of validation creates an attack surface where an external website can craft requests that the SDK's transport layer treats as legitimate, bypassing the security boundary the browser's same-origin model is expected to provide.

The operational impact of this vulnerability is particularly severe in stateless or sessionless server deployments where authorization mechanisms are either absent or insufficient. Attackers can leverage this flaw to send MCP requests from arbitrary websites to local servers, potentially triggering unauthorized tool execution and command processing. The vulnerability essentially allows for cross-site request forgery attacks where the victim's browser automatically includes the necessary headers to make requests appear legitimate, while the server processes these requests without proper validation. This scenario is especially dangerous when the target server processes MCP commands that could execute arbitrary code or access sensitive resources.

The security implications extend beyond simple request forgery to encompass potential privilege escalation and unauthorized system access. When deployed in environments without proper authorization controls, an attacker can effectively bypass authentication mechanisms by exploiting the lack of Origin header validation. This vulnerability aligns with CWE-346, which addresses "Origin Validation Error" in web applications, and represents a classic case of insufficient input validation that allows for unauthorized access patterns. The ATT&CK framework would categorize this as a technique involving "Web Application Attack" and potentially "Command and Scripting Interpreter" if the executed tools can perform system-level operations.

The remediation for this vulnerability requires upgrading to version 1.4.1 or later of the Go MCP SDK, which includes patches addressing the missing Origin header validation and Content-Type enforcement. Organizations should implement immediate upgrades across all affected systems and conduct thorough security assessments to ensure no unauthorized access has occurred. Additional mitigations include implementing proper authorization controls, enforcing strict Content-Type validation at the network level, and deploying web application firewalls that can detect and block suspicious cross-site requests. Security teams should also monitor for potential exploitation attempts and review access logs for any anomalous patterns that might indicate unauthorized tool execution.
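The two checks the Summary and Analysis describe as missing before 1.4.1, and that the remediation paragraph above says the patch adds, can be expressed as a small Go middleware in front of the transport handler. The code below is an added illustration written for this page; it is not the go-sdk project's own implementation or its 1.4.1 patch. The host allowlist, the `guard`, `checkRequest`, `originAllowed` and `probe` names, and the stand-in `mcpStub` handler are all assumptions made for the example, and the JSON-RPC request body is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"mime"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// allowedHosts is a constructed allowlist (assumption: the MCP server is a
// local, single-user process that only same-host pages may talk to).
var allowedHosts = map[string]bool{
	"localhost": true,
	"127.0.0.1": true,
	"::1":       true,
}

// originAllowed reports whether a browser-supplied Origin header value is on
// the allowlist. The port is ignored so any local dev-server port is accepted;
// an unparsable value or the opaque "null" origin is rejected.
func originAllowed(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false
	}
	return allowedHosts[u.Hostname()]
}

// checkRequest applies the two checks the advisory says were missing before
// go-sdk 1.4.1. It returns (0, "") for an acceptable request, otherwise the
// HTTP status to send and a reason for the log line.
func checkRequest(r *http.Request) (int, string) {
	// 1. Browsers attach Origin to every cross-site request; a value that is
	//    not on the allowlist means a foreign page initiated the request.
	if origin := r.Header.Get("Origin"); origin != "" && !originAllowed(origin) {
		return http.StatusForbidden, "origin not allowed"
	}
	// 2. POST bodies must be application/json. That media type is not a CORS
	//    "simple" type, so a browser cannot send it cross-site without a
	//    preflight, and this server never grants one.
	if r.Method == http.MethodPost {
		mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if err != nil || mt != "application/json" {
			return http.StatusUnsupportedMediaType, "Content-Type must be application/json"
		}
	}
	return 0, ""
}

// guard wraps the transport handler with checkRequest and logs every
// rejection so cross-site probing is visible in the server log.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code, reason := checkRequest(r); code != 0 {
			log.Printf("rejected %s %s origin=%q content-type=%q: %s",
				r.Method, r.URL.Path, r.Header.Get("Origin"), r.Header.Get("Content-Type"), reason)
			http.Error(w, reason, code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// rpcEnvelope is the minimal JSON-RPC shape the stand-in handler reads.
type rpcEnvelope struct {
	JSONRPC string          `json:"jsonrpc"`
	ID      json.RawMessage `json:"id"`
	Method  string          `json:"method"`
}

// mcpStub stands in for the real transport (assumption: not the SDK's
// handler). It decodes the envelope with encoding/json and echoes the id.
var mcpStub = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	var msg rpcEnvelope
	if err := json.NewDecoder(r.Body).Decode(&msg); err != nil || msg.JSONRPC != "2.0" {
		http.Error(w, "malformed JSON-RPC", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprintf(w, `{"jsonrpc":"2.0","id":%s,"result":{"tools":[]}}`, msg.ID)
})

// probe sends one constructed POST through guard(mcpStub) and returns the
// resulting status code.
func probe(origin, contentType string) int {
	body := strings.NewReader(`{"jsonrpc":"2.0","id":1,"method":"tools/list"}`)
	req := httptest.NewRequest(http.MethodPost, "/mcp", body)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	if contentType != "" {
		req.Header.Set("Content-Type", contentType)
	}
	rec := httptest.NewRecorder()
	guard(mcpStub).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cases := []struct{ origin, ct string }{
		{"", "application/json"},                        // non-browser client such as an IDE
		{"http://localhost:3000", "application/json"},   // same-host page
		{"http://attacker.example", "application/json"}, // cross-site page
		{"null", "application/json"},                    // opaque origin (sandboxed iframe, file://)
		{"", "text/plain"},                              // CORS-simple type a cross-site page could send
	}
	for _, c := range cases {
		fmt.Printf("origin=%-26q content-type=%-18q -> %d\n", c.origin, c.ct, probe(c.origin, c.ct))
	}
}
```

The Origin check runs for every method because the same transport also serves the GET stream, while the Content-Type check only matters for POST. Requests with no Origin header are passed through so that non-browser MCP clients keep working; a browser cannot omit the header on a cross-site request, so that path is not reachable from a foreign page. The log line in `guard` is the detection hook the remediation paragraph asks for: repeated 403 or 415 rejections with a non-local Origin are the signature to alert on.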

This vulnerability demonstrates the critical importance of proper HTTP request validation in web applications, particularly when dealing with browser-based communication protocols. The flaw highlights the need for comprehensive security controls that validate not just the content of requests but also their origin and proper headers. Organizations should establish robust security practices that include regular dependency updates, security code reviews, and automated vulnerability scanning to prevent similar issues from arising in other components of their software ecosystems. The incident underscores the necessity of following security best practices such as the principle of least privilege and defense in depth to protect against cross-site request forgery attacks and unauthorized access patterns.

Responsible: GitHub M

Reservation: 03/18/2026

Disclosure: 03/24/2026

Moderation: accepted

CPE: ready

EPSS: 0.00009

KEV: no

Activities: very low
