SecBoard
Zurück zur CVE-Übersicht

CVE-2026-34237

MEDIUM(6.1)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Risk Signal Score15/100 — NIEDRIG
  • CVSS 6.1 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.1

Technische Schwere

Beschreibung

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 0.83.0, 1.0.1, and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 0.83.0, 1.0.1, and 1.1.1.

GitHub Advisories

GHSA-hv2w-8mjj-jw22MEDIUM

MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)

maven/io.modelcontextprotocol.sdk:mcp-core1.1.1
GitHub Advisory

Referenzen