The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution.
A malicious website may have been able to send cross-site POST requests with Content-Type: text/plain, which due to CORS-safelisted properties would reach the MCP message handling without any CORS preflight barrier.
The SDK was modified to perform Content-Type header validation for POST requests and introduced a configurable protection for verifying the origin of the request in commit a433a83. Users are advised to update to v1.4.1 to use this additional protection.
Note: v1.4.1 requires Go 1.25 or later.
Thank you to Lê Minh Quân for reporting the issue.
| Score | Percentile |
|---|---|
| 0.01% | 0.50% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.1 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-89xv-2j6f-qhc8 ↗ |
| CVE | CVE-2026-33252 ↗ |
| CWE id | Name |
|---|---|
| CWE-352 | Cross-Site Request Forgery (CSRF) |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| go | github.com/modelcontextprotocol/go-sdk | <= 1.4.0 | 1.4.1 | — |