CVE-2026-33252

ADVISORY - github

Summary

The Go SDK's Streamable HTTP transport accepted browser-originated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments that require no authorization, especially stateless or sessionless configurations, this allows an arbitrary website visited by the user to send MCP requests to an MCP server listening locally and potentially trigger tool execution.

Impact:

A malicious web page could issue a cross-site POST with Content-Type: text/plain. That media type is CORS-safelisted, so the browser sends the request directly, with no CORS preflight, and because the transport did not check Content-Type, the JSON-RPC body reached MCP message handling unchanged. The browser withholds the response from the page, but a state-changing tool call does not need the response to do harm.

Fix:

The SDK was modified to validate the Content-Type header of POST requests and to add a configurable protection that verifies the Origin of the request (commit a433a83). Requiring application/json also means a cross-site POST is no longer a "simple" request: the browser must send a CORS preflight first, which the server does not approve. Users are advised to update to v1.4.1 to use this additional protection.

Note: v1.4.1 requires Go 1.25 or later.
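The two checks the fix describes, shown as an added example that is not code from the modelcontextprotocol/go-sdk or from commit a433a83: a plain net/http middleware in front of a stand-in for the MCP message handler, driven with httptest against constructed requests. The origin allowlist, the handler names (guard, mcpStub, send) and the JSON-RPC body are assumptions made for this example.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedOrigins is a hypothetical allowlist for a local MCP server: only
// pages served from these origins may talk to it from a browser.
var allowedOrigins = map[string]bool{
	"http://localhost:3000": true,
	"http://127.0.0.1:3000": true,
}

// guard wraps an MCP message handler with the two checks the advisory
// describes. Illustration code, not the SDK's own middleware.
func guard(next http.Handler, allowed map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Browsers always attach Origin to cross-site POSTs, so a present but
		// unknown Origin identifies a request from a foreign page. Requests
		// with no Origin at all (curl, a non-browser MCP client) pass through.
		if origin := r.Header.Get("Origin"); origin != "" && !allowed[origin] {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		// POST bodies must be application/json. text/plain is CORS-safelisted
		// and reaches the server with no preflight; application/json is not,
		// so a cross-site caller needs a preflight this server never approves.
		if r.Method == http.MethodPost {
			mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
			if err != nil || mt != "application/json" {
				http.Error(w, "unsupported media type", http.StatusUnsupportedMediaType)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// mcpStub stands in for the SDK's Streamable HTTP message handler
// (constructed for this example): any request reaching it counts as handled.
func mcpStub() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
		_, _ = w.Write([]byte("handled"))
	})
}

// send drives a handler with a constructed tools/call POST the way a browser
// would send it and returns the status code; an empty origin models a
// non-browser client that sends no Origin header.
func send(h http.Handler, origin, contentType string) int {
	body := `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"run"}}`
	req := httptest.NewRequest(http.MethodPost, "http://127.0.0.1:8080/mcp", strings.NewReader(body))
	req.Header.Set("Content-Type", contentType)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	unguarded := mcpStub()
	guarded := guard(mcpStub(), allowedOrigins)
	fmt.Println("unguarded, foreign origin, text/plain:", send(unguarded, "https://attacker.example", "text/plain"))            // 200: the bug
	fmt.Println("guarded, foreign origin, text/plain:", send(guarded, "https://attacker.example", "text/plain"))                // 403
	fmt.Println("guarded, foreign origin, application/json:", send(guarded, "https://attacker.example", "application/json"))    // 403
	fmt.Println("guarded, allowed origin, text/plain:", send(guarded, "http://localhost:3000", "text/plain"))                   // 415
	fmt.Println("guarded, allowed origin, application/json:", send(guarded, "http://localhost:3000", "application/json; charset=utf-8")) // 200
	fmt.Println("guarded, no Origin, application/json:", send(guarded, "", "application/json"))                                // 200
}
```

The first line of output is the vulnerable behaviour: the text/plain POST from a foreign page is handled. With the guard in place the same request is refused on Origin, and even an allowed page is refused unless it sends application/json. Note that the Origin check only rejects a present, unknown Origin; requests carrying no Origin are let through because that is what non-browser MCP clients send, so the allowlist is a browser-facing control, not a substitute for authorization. http://localhost:3000 and http://127.0.0.1:3000 are distinct origins to a browser, which is why both appear in the allowlist.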

Credits:

Thank you to Lê Minh Quân for reporting the issue.

Common Weakness Enumeration (CWE)

CWE-352: Cross-Site Request Forgery (CSRF) (per the github advisory)
