RUSTSEC-2026-0189

Source
https://rustsec.org/advisories/RUSTSEC-2026-0189
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0189.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0189
Aliases
Related
Published
2026-04-29T12:00:00Z
Modified
2026-06-30T07:16:56Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Details

Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport did not validate the incoming Host header.

This allowed a malicious public website, via a DNS rebinding attack, to send requests to an MCP server running on the victim's loopback or private-network interface.

An attacker who convinced a victim to visit a malicious page could enumerate and invoke tools exposed by a locally running rmcp-based MCP server, read resources and prompts, and trigger side effects limited by the tools exposed by that server.

Non-HTTP transports such as stdio and child-process transports are not affected.

Patches

The issue was fixed in rmcp 1.4.0 by adding default loopback-only host allowlist validation for the Streamable HTTP server transport. Incoming HTTP requests now validate the Host header and return HTTP 403 when the host is not allowed.

Users should upgrade to rmcp >= 1.4.0.

Workarounds

If upgrading is not possible, place the MCP server behind a reverse proxy configured to reject requests whose Host header is not one of the expected hostnames. Do not bind the MCP server to 0.0.0.0 without such validation.
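The check described under Patches and Workarounds, as an added example rather than rmcp's own code: a loopback-only Host allowlist that strips the port, handles bracketed IPv6 literals and compares case-insensitively, answering 403 for anything else (the allowlist contents and the `status_for_host` helper are assumptions for illustration).

```rust
// Added example (not rmcp's own code): a loopback-only Host allowlist
// check of the kind RUSTSEC-2026-0189 describes as the fix. The Host
// value is compared, case-insensitively and with any port stripped,
// against an allowlist; anything else is a DNS-rebinding risk.

/// Hosts accepted by default: loopback names and addresses only.
pub const DEFAULT_ALLOWED_HOSTS: &[&str] = &["localhost", "127.0.0.1", "[::1]"];

/// Strip a trailing ":port" from a Host value. Bracketed IPv6 literals
/// ("[::1]:8080") keep their brackets; an unbracketed IPv6 literal is
/// invalid in Host and ends up rejected by the allowlist comparison.
fn strip_port(host: &str) -> &str {
    if host.starts_with('[') {
        match host.find(']') {
            Some(end) => &host[..=end],
            None => host, // malformed; compared as-is and rejected
        }
    } else {
        match host.rfind(':') {
            Some(idx) => &host[..idx],
            None => host,
        }
    }
}

/// Returns true when the Host header names an allowed host.
/// A missing or empty Host header is rejected (deny by default).
pub fn host_allowed(host: Option<&str>, allowed: &[&str]) -> bool {
    let raw = match host { Some(h) => h, None => return false };
    let name = strip_port(raw.trim()).to_ascii_lowercase();
    if name.is_empty() {
        return false;
    }
    allowed.iter().any(|a| a.eq_ignore_ascii_case(&name))
}

/// HTTP status for a request carrying this Host header:
/// 200 for an allowed host, 403 otherwise (the behaviour of rmcp 1.4.0).
pub fn status_for_host(host: Option<&str>) -> u16 {
    if host_allowed(host, DEFAULT_ALLOWED_HOSTS) { 200 } else { 403 }
}

fn main() {
    // Constructed sample Host values: local clients, then the kind of
    // value a request from a rebound attacker-controlled name carries.
    for h in [Some("localhost:8080"), Some("[::1]:8080"), Some("attacker.example:8080"), None] {
        println!("{:?} -> {}", h, status_for_host(h));
    }
}
```

A deployment that legitimately serves a non-loopback name passes its own allowlist to `host_allowed` instead of the default; binding to 0.0.0.0 without such a list is exactly the configuration the workaround warns against.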

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / rmcp

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
1.4.0

Ecosystem specific

{
    "affects": {
        "functions": [],
        "os": [],
        "arch": []
    },
    "affected_functions": null
}

Database specific

categories
[]
informational
null
source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0189.json"
cvss
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"