Go MCP SDK Streamable HTTP Transport Cross-Site Request Vulnerability
Vulnerability
A vulnerability in the Go Model Context Protocol (MCP) SDK's Streamable HTTP transport allowed cross-site `POST` requests to be accepted without validating the `Origin` header or enforcing the `Content-Type: application/json` requirement. This issue was present in versions through 1.4.0. Because a browser will send a cross-origin `POST` with a CORS-safelisted content type such as `text/plain` without a preflight, any web page could deliver a JSON-RPC message to an MCP server listening on the user's machine. In environments lacking authorization, particularly stateless or sessionless deployments where no session identifier is required, this let arbitrary websites send MCP requests to a local server and potentially trigger the execution of tools. The root cause was that the transport neither rejected requests from unexpected origins nor insisted on a content type that a browser cannot send cross-site without a preflight.
Impact
Exploitation could have led to unauthorized execution of tools on the local server via cross-site `POST` requests. CORS does not prevent such a request from being sent; it only prevents the attacking page from reading the response, and a tool invocation has already run on the server by then, so the attacker does not need the response to cause harm.
Reproduction
The vulnerability can be reproduced by having a page on any origin issue a `POST` request to a server running the affected Go MCP SDK version, for example with `fetch` from the browser's developer tools or from a script embedded in the page. The request carries a `Content-Type` of `text/plain`, which is a CORS-safelisted value, so the browser sends it without a preflight and attaches the page's own `Origin` header. The affected server does not check that `Origin` against any allowlist and does not require `application/json`, so the request body, a JSON-RPC message such as a `tools/call`, is accepted and processed. No trusted origin is needed: a browser does not let a page forge the `Origin` header, and the server simply did not consult it.
Remediation
Users are advised to update the Go MCP SDK to version 1.4.1 or later, which validates the `Content-Type` header and verifies the `Origin` header on `POST` requests. Version 1.4.1 requires Go 1.25 or later.
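The following Go program, added here as an illustration and not taken from the SDK or its fix, shows the two checks the advisory describes as missing wrapped around a stand-in MCP handler, and drives it with the request shape a browser produces for a no-preflight cross-site `POST` (attacker `Origin`, `Content-Type: text/plain`, JSON-RPC `tools/call` body). The origin allowlist, the `/mcp` path, the tool name `example_tool` and the stand-in handler are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedOrigins is an assumed allowlist for this example: the browser origins
// a local MCP server is willing to accept. Real deployments derive this from
// configuration; the values below are illustrative.
var allowedOrigins = map[string]bool{
	"http://localhost:8080": true,
	"http://127.0.0.1:8080": true,
}

// originAllowed reports whether a request may proceed based on its Origin
// header. Non-browser clients (curl, SDK clients) send no Origin, so an absent
// header is accepted; any present Origin must be on the allowlist.
func originAllowed(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	return allowedOrigins[origin]
}

// isJSONContentType checks that a request carries application/json (parameters
// such as charset are ignored). A browser cannot send this content type
// cross-site without a CORS preflight, so requiring it closes the
// no-preflight path that text/plain provides.
func isJSONContentType(r *http.Request) bool {
	mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
	if err != nil {
		return false
	}
	return mt == "application/json"
}

// CrossSiteGuard wraps an MCP Streamable HTTP handler with Origin validation
// and a Content-Type requirement for POST. This is an illustrative wrapper,
// not the SDK's own implementation.
func CrossSiteGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(r) {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		if r.Method == http.MethodPost && !isJSONContentType(r) {
			http.Error(w, "Content-Type must be application/json", http.StatusUnsupportedMediaType)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// fakeMCPHandler stands in for the SDK's transport handler: it records that a
// request reached the tool-dispatch layer. Constructed for this example only.
func fakeMCPHandler(reached *bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*reached = true
		w.Header().Set("Content-Type", "application/json")
		w.Write([]byte(`{"jsonrpc":"2.0","id":1,"result":{}}`))
	})
}

// crossSiteBody is a constructed JSON-RPC tools/call message of the kind a
// malicious page could submit. The tool name is a placeholder.
const crossSiteBody = `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"example_tool","arguments":{}}}`

// Probe sends a POST through the guarded handler and reports the status code
// and whether the stand-in MCP layer was reached. An empty origin means the
// Origin header is omitted, as a non-browser client would.
func Probe(origin, contentType, body string) (status int, reached bool) {
	h := CrossSiteGuard(fakeMCPHandler(&reached))
	req := httptest.NewRequest(http.MethodPost, "http://localhost:8080/mcp", strings.NewReader(body))
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	req.Header.Set("Content-Type", contentType)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, reached
}

func main() {
	// What a browser sends for a no-preflight cross-site POST from an attacker page.
	s, r := Probe("https://attacker.example", "text/plain", crossSiteBody)
	fmt.Println("attacker origin, text/plain:", s, r)
	// Allowlisted origin but a safelisted content type: still refused.
	s, r = Probe("http://localhost:8080", "text/plain", crossSiteBody)
	fmt.Println("allowed origin, text/plain:", s, r)
	// A legitimate client: no Origin header, application/json body.
	s, r = Probe("", "application/json; charset=utf-8", crossSiteBody)
	fmt.Println("no origin, application/json:", s, r)
}
```

The Origin check runs first so that a request from an unexpected site is refused regardless of its body; the Content-Type check then covers clients that omit Origin but still send a type a browser could have produced without a preflight. Both checks happen before the JSON-RPC message is parsed, which is the property that matters: the tool call must never be dispatched for a request that a browser could have sent on the user's behalf.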
