EXECUTIVE SUMMARY:
CVE-2026-42559 (CVSS score 8.8) is a DNS rebinding vulnerability in the rmcp crate's Streamable HTTP server transport. The affected product is the rmcp package, which does not validate the incoming Host header. An attacker can exploit this vulnerability by convincing a victim to visit a malicious page, which allows the attacker to send authenticated requests to a locally running rmcp-based MCP server via a DNS rebinding attack. This enables the attacker to enumerate and invoke any tool exposed by the server, read resources and prompts, and trigger side effects, potentially leading to arbitrary code execution on the victim's machine. The business impact of exploitation is severe, as MCP servers frequently run with the user's privileges and expose developer tooling that an attacker can leverage. To exploit this vulnerability, an attacker requires access to the victim's browser and the ability to control DNS resolution for a malicious domain.
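The root cause described above is a missing Host header check: a DNS rebinding request reaches the loopback-bound server with a Host value naming the attacker's domain, and the server answers it anyway. The following is an added, standalone example (not rmcp's own code or API) of the allowlist check a local HTTP server can apply before routing a request. The allowlist of loopback names, the listening port and the sample header values are assumptions constructed for the example.

```rust
// Added example: Host-header allowlist check of the kind that mitigates
// DNS rebinding against a loopback-bound HTTP server. Std-only Rust; this is
// not rmcp's own code and does not use rmcp's API.

/// Host names a loopback-bound server should accept (assumed allowlist;
/// adjust to the deployment).
const ALLOWED_HOSTS: &[&str] = &["localhost", "127.0.0.1", "[::1]"];

/// Split a Host header value into (host, port). A bracketed IPv6 literal
/// keeps its brackets so it can be compared verbatim against the allowlist.
/// Returns None for values no well-formed client would send.
pub fn split_host_port(value: &str) -> Option<(&str, Option<u16>)> {
    let value = value.trim();
    if value.is_empty() {
        return None;
    }
    if value.starts_with('[') {
        // IPv6 literal: "[::1]" or "[::1]:8080"
        let close = value.find(']')?;
        let host = &value[..=close];
        let rest = &value[close + 1..];
        return match rest {
            "" => Some((host, None)),
            _ if rest.starts_with(':') => Some((host, Some(rest[1..].parse::<u16>().ok()?))),
            _ => None,
        };
    }
    // Not bracketed: at most one colon, separating host from port.
    match value.split_once(':') {
        None => Some((value, None)),
        Some((host, port)) => {
            if host.is_empty() || port.contains(':') {
                return None; // bare IPv6 literal or missing host
            }
            Some((host, Some(port.parse::<u16>().ok()?)))
        }
    }
}

/// Decide whether a request's Host header is acceptable for a server bound
/// to `listen_port`. A missing or malformed header is rejected, the host must
/// be on the allowlist (compared case-insensitively), and the port, when
/// present, must be the port the server actually listens on (an absent port
/// means 80, the HTTP default).
pub fn host_header_allowed(header: Option<&str>, listen_port: u16) -> bool {
    let value = match header {
        Some(v) => v,
        None => return false,
    };
    let (host, port) = match split_host_port(value) {
        Some(parts) => parts,
        None => return false,
    };
    let host_ok = ALLOWED_HOSTS.iter().any(|a| a.eq_ignore_ascii_case(host));
    let port_ok = port.unwrap_or(80) == listen_port;
    host_ok && port_ok
}

fn main() {
    // Constructed sample headers: a legitimate local client, a rebinding
    // attempt whose Host still names the attacker's domain, and no header.
    for h in [Some("localhost:8080"), Some("attacker.example:8080"), None] {
        println!("{:?} -> {}", h, host_header_allowed(h, 8080));
    }
}
```

The check runs before any routing or authentication logic, so a request carrying an unexpected Host never reaches a tool handler. Requiring the port to match the bound port, rather than accepting any port, closes the case where a rebinding request is sent with a loopback name but a port the server does not serve.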
RECOMMENDATION:
We recommend updating rmcp to version 1.6.0 or later.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-89vp-x53w-74fx