MCP SSE DNS Rebinding

medium Web App Scanning Plugin ID 114885

Synopsis

MCP SSE DNS Rebinding

Description

Model Context Protocol (MCP) servers that use the SSE (Server-Sent Events) transport are prone to DNS rebinding attacks when they do not strictly verify both the 'Origin' and 'Host' headers. This vulnerability allows an attacker to bypass the same-origin policy, potentially leading to unauthorized access to sensitive data or to actions performed on behalf of the user in the context of the vulnerable MCP server.

This detection is included in the AI and LLM category.

Solution

Ensure that the MCP server validates both the 'Origin' and the 'Host' headers to prevent DNS rebinding attacks. This can be achieved by implementing strict validation rules for incoming requests, ensuring that the 'Host' header matches the expected domain and that the 'Origin' header is from a trusted source.
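One way to apply this validation in front of an SSE endpoint, as an added example that is not Tenable's or the MCP project's code. The allowlist values, the names `check_headers` and `RebindingGuard`, and the choice to accept a missing 'Origin' unless `require_origin` is set are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed deployment: a local MCP SSE server on port 8000 (constructed values).
ALLOWED_HOSTS = {"127.0.0.1:8000", "localhost:8000"}
ALLOWED_ORIGINS = {"http://127.0.0.1:8000", "http://localhost:8000"}


def normalize_origin(value):
    """Return scheme://host[:port] in lower case, or None if not a plain origin."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_headers(host, origin, require_origin=False):
    """Return (allowed, reason) for one request's Host and Origin values."""
    if not host or host.strip().lower() not in ALLOWED_HOSTS:
        return False, "host not allowed"
    if origin is None:
        # Assumed policy: non-browser clients commonly omit Origin.
        return (not require_origin), "origin missing"
    if normalize_origin(origin) not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    return True, "ok"


class RebindingGuard:
    """WSGI middleware that rejects requests before they reach the SSE app."""

    def __init__(self, app, require_origin=False):
        self.app = app
        self.require_origin = require_origin

    def __call__(self, environ, start_response):
        allowed, reason = check_headers(
            environ.get("HTTP_HOST"), environ.get("HTTP_ORIGIN"), self.require_origin
        )
        if not allowed:
            body = reason.encode()
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)
```

The 'Host' check is the one that catches a rebound hostname, because the browser still sends the name it resolved, not the address it connected to; the 'Origin' check covers cross-origin pages that reach the server by its real name.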

See Also

https://modelcontextprotocol.io/docs/concepts/transports

Plugin Details

Severity: Medium

ID: 114885

Type: remote

Published: 6/20/2025

Updated: 6/20/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CVSS Score Source: Tenable

Reference Information