CVE Catalog

CVE-2026-34237

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

MCP Java SDK, the official Java SDK for Model Context Protocol servers and clients, had a hardcoded wildcard CORS vulnerability prior to versions 0.83.0, 1.0.1, and 1.1.1. This issue has been patched in the mentioned versions.

Risk Assessment

This vulnerability could allow attackers to access server resources from unauthorized sources, potentially leading to data leaks or other attacks.

Recommendation

It is recommended to upgrade to versions 0.83.0, 1.0.1, or 1.1.1 to mitigate this vulnerability.

Original NVD description (English source)

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 0.83.0, 1.0.1, and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 0.83.0, 1.0.1, and 1.1.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS