The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution.
Impact:
A malicious website may have been able to send cross-site POST requests with Content-Type: text/plain, which due to CORS-safelisted properties would reach the MCP message handling without any CORS preflight barrier.
Fix:
The SDK was modified to perform Content-Type header validation for POST requests and introduced a configurable protection for verifying the origin of the request in commit a433a83. Users are advised to update to v1.4.1 to use this additional protection.
Note: v1.4.1 requires Go 1.25 or later.
Credits:
Thank you to Lê Minh Quân for reporting the issue.
aleister1102 Reporter
The Go SDK's Streamable HTTP transport accepted browser-generated cross-site
POSTrequests without validating theOriginheader and without requiringContent-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution.Impact:
A malicious website may have been able to send cross-site POST requests with
Content-Type: text/plain, which due to CORS-safelisted properties would reach the MCP message handling without any CORS preflight barrier.Fix:
The SDK was modified to perform
Content-Typeheader validation for POST requests and introduced a configurable protection for verifying the origin of the request in commit a433a83. Users are advised to update to v1.4.1 to use this additional protection.Note: v1.4.1 requires Go 1.25 or later.
Credits:
Thank you to Lê Minh Quân for reporting the issue.