RUSTSEC-2026-0140

Source
https://rustsec.org/advisories/RUSTSEC-2026-0140
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0140.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0140
Aliases
Related
Published
2026-05-12T12:00:00Z
Modified
2026-05-19T05:50:44Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport
Details

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap.

A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header, which the server would then process. The Host check alone did not close a related cross-origin CSRF vector: a page could fetch the loopback endpoint with mode: 'no-cors', and the Host header would match while the Origin header went unchecked.

Affected MCP write tools include put_item, update_item, delete_item, create_table, and batch_write_item.

The stdio transport (dynoxide mcp without --http) is not affected.

Patches

dynoxide 0.9.13 closes both vectors:

  • Upgrades rmcp from 1.1.1 to 1.6.0 (which ships a default Host-header allowlist).
  • Sets explicit allowed_hosts and allowed_origins on StreamableHttpServerConfig.
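The following is an added example, not code from dynoxide or rmcp, showing the shape of the two checks the patch enables: a Host allowlist (against DNS rebinding) and an Origin allowlist (against the no-cors cross-origin fetch that passes the Host check). The HeaderPolicy struct, its loopback() constructor and check() method are hypothetical; only the field names allowed_hosts and allowed_origins mirror the configuration keys the advisory names, and the sample requests in main() are constructed.

```rust
// Added example (not dynoxide's or rmcp's own code): a Host/Origin allowlist
// check of the kind the 0.9.13 fix enables for a loopback MCP HTTP server.
use std::collections::HashSet;

/// Why a request was refused before any MCP tool ran.
#[derive(Debug, PartialEq, Eq)]
pub enum Rejection {
    MissingHost,
    HostNotAllowed(String),
    OriginNotAllowed(String),
}

/// Allowlists for the two browser-controlled headers that matter here.
/// Field names mirror the config keys named in the advisory; the struct
/// itself is hypothetical and not rmcp's StreamableHttpServerConfig.
pub struct HeaderPolicy {
    allowed_hosts: HashSet<String>,
    allowed_origins: HashSet<String>,
}

impl HeaderPolicy {
    /// Policy for a server bound to loopback on `port`: only the loopback
    /// names with the exact port are acceptable as Host, and only pages
    /// served from those same loopback origins may make cross-origin calls.
    pub fn loopback(port: u16) -> Self {
        let names = ["localhost", "127.0.0.1", "[::1]"];
        let allowed_hosts = names.iter().map(|n| format!("{n}:{port}")).collect();
        let allowed_origins = names.iter().map(|n| format!("http://{n}:{port}")).collect();
        Self { allowed_hosts, allowed_origins }
    }

    /// Check the headers of one incoming request. `origin` is `None` when the
    /// header is absent (native MCP clients do not send one); a browser sends
    /// it on cross-origin POSTs, including those made with `mode: 'no-cors'`.
    pub fn check(&self, host: Option<&str>, origin: Option<&str>) -> Result<(), Rejection> {
        // Host: defeats DNS rebinding, where the browser resolved an attacker
        // name to 127.0.0.1 and the Host header therefore carries that name.
        let host = host
            .map(str::trim)
            .filter(|h| !h.is_empty())
            .ok_or(Rejection::MissingHost)?;
        let host_norm = host.to_ascii_lowercase();
        if !self.allowed_hosts.contains(&host_norm) {
            return Err(Rejection::HostNotAllowed(host.to_string()));
        }
        // Origin: closes the CSRF gap where Host is a correct loopback value
        // (the page fetched http://127.0.0.1:PORT directly) but the request was
        // initiated by a foreign page. An opaque "null" origin is refused too.
        if let Some(o) = origin {
            let o_norm = o.trim().to_ascii_lowercase();
            if !self.allowed_origins.contains(&o_norm) {
                return Err(Rejection::OriginNotAllowed(o.to_string()));
            }
        }
        Ok(())
    }
}

fn main() {
    let policy = HeaderPolicy::loopback(8080);
    // Constructed sample requests: a native client, a DNS-rebinding page,
    // a no-cors CSRF page, and a legitimate local web UI.
    let samples = [
        (Some("127.0.0.1:8080"), None),
        (Some("attacker.example:8080"), Some("http://attacker.example:8080")),
        (Some("127.0.0.1:8080"), Some("https://attacker.example")),
        (Some("localhost:8080"), Some("http://localhost:8080")),
    ];
    for (host, origin) in samples {
        println!("host={host:?} origin={origin:?} -> {:?}", policy.check(host, origin));
    }
}
```

Running check() before any JSON-RPC body is parsed matters: the write tools listed above must never be reachable by a request that fails either allowlist, and the port is part of the allowed value so that a second local service on another port cannot be addressed by name alone.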
Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / dynoxide-rs

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.9.3
Fixed
0.9.13

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "functions": [],
        "arch": [],
        "os": []
    }
}

Database specific

categories
[]
cvss
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
informational
null
source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0140.json"