Microsoft Playwright MCP Server DNS Rebinding Vulnerability
Vulnerability
A DNS rebinding vulnerability has been identified in Microsoft Playwright MCP Server versions prior to 0.0.40. The issue arises because the server fails to properly validate the Origin header on incoming connections. This oversight allows attackers to exploit the server via a victim's web browser, sending unauthorized requests to a locally running MCP server. As a result, this can lead to the unintended activation of MCP tool endpoints.
Impact
Exploitation of this vulnerability allows attackers to send unauthorized requests to a victim's locally running MCP server, invoking all MCP tool endpoints without the user's consent.
Reproduction
To reproduce this vulnerability, first run a Microsoft Playwright MCP Server instance on a local machine with a version prior to 0.0.40. Then send a request to the server's MCP endpoint, including a crafted Origin header that points to an attacker's domain. A vulnerable server responds as if the request were legitimate, demonstrating that it accepted the unauthorized invocation of MCP tool commands.
Remediation
Users can upgrade to Microsoft Playwright MCP Server version 0.0.40 or later, where this vulnerability has been fixed.
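For a loopback-only HTTP service of this kind, the missing check can be sketched as follows. This is an added example, not the Playwright MCP Server's own code or its actual fix; the function names, port 8931 and attacker.example are assumptions, and it validates Host as well as Origin because a rebound request carries the attacker's name in both.

```javascript
// Added example, not Playwright MCP code; all names here are hypothetical.
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// True if `value` is an http URL naming a loopback host on the expected port.
function isLoopbackUrl(value, port) {
  let u;
  try { u = new URL(value); } catch { return false; }
  return u.protocol === 'http:' && u.username === '' && u.password === '' &&
    LOOPBACK_HOSTS.has(u.hostname) && (u.port || '80') === String(port);
}

// Decide whether a request to a loopback-only server on `port` may proceed.
function checkLocalRequest(headers, port) {
  const host = headers['host'];
  // A rebound browser request still carries the attacker's name in Host.
  if (typeof host !== 'string' || !isLoopbackUrl(`http://${host}`, port)) {
    return { ok: false, reason: 'Host is not the loopback listener' };
  }
  const origin = headers['origin'];
  // Policy assumption: clients that omit Origin (non-browser tools) are allowed;
  // when a browser supplies Origin, including "null", it must be this listener.
  if (origin !== undefined && !isLoopbackUrl(origin, port)) {
    return { ok: false, reason: 'Origin is not allowed' };
  }
  return { ok: true, reason: 'loopback request' };
}

// Connect-style middleware: reject with 403 before any tool handler runs.
function originGuard(port) {
  return (req, res, next) => {
    const verdict = checkLocalRequest(req.headers, port);
    if (verdict.ok) return next();
    res.statusCode = 403;
    res.end(`Forbidden: ${verdict.reason}\n`);
  };
}

// Constructed sample requests (port 8931 and attacker.example are placeholders).
const SAMPLES = {
  localCli: { host: 'localhost:8931' },
  localPage: { host: '127.0.0.1:8931', origin: 'http://127.0.0.1:8931' },
  rebound: { host: 'attacker.example:8931', origin: 'http://attacker.example:8931' },
  crossSite: { host: 'localhost:8931', origin: 'https://attacker.example' },
};
for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, checkLocalRequest(headers, 8931));
}
```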
