CVE-2026-34237
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
MCP Java SDK, the official Java SDK for Model Context Protocol servers and clients, had a hardcoded wildcard CORS vulnerability prior to versions 0.83.0, 1.0.1, and 1.1.1. This issue has been patched in the mentioned versions.
Risk Assessment
This vulnerability could allow attackers to access server resources from unauthorized sources, potentially leading to data leaks or other attacks.
Recommendation
It is recommended to upgrade to versions 0.83.0, 1.0.1, or 1.1.1 to mitigate this vulnerability.
Original NVD description (English source)
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 0.83.0, 1.0.1, and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 0.83.0, 1.0.1, and 1.1.1.

