The official Model Context Protocol Go SDK (maintained by Anthropic) did not enable DNS rebinding protection by default for HTTP-based MCP servers running on localhost. Any malicious website visited on the same machine could exploit DNS rebinding to bypass the browser's same-origin policy and send arbitrary requests to the developer's local MCP server — invoking tools and accessing resources using the developer's own credentials and permissions. The issue affects servers using StreamableHTTPHandler or SSEHandler; stdio transport is not affected. Fixed in v1.4.0, which enables protection by default.
The attack mechanism: the attacker's DNS server first answers for a domain such as attacker.example with the attacker's own IP and a short TTL, serving a page that runs script; it then answers with 127.0.0.1, so the browser's next request to "the same origin" lands on the local MCP server. Because the page and the server now share a hostname, the same-origin policy does not stop the script from reading responses, and it can issue tool calls and resource reads at will. The browser still sends the attacker's hostname in the Host and Origin headers, which is why validating those headers against a loopback allowlist (the usual form of DNS rebinding protection) stops the attack. Developers routinely run local MCP servers with production credentials, broad filesystem access, and no authentication, so an unguarded HTTP server on localhost is reachable with the developer's full privileges from any page the developer happens to visit.
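The check described above, as an added example that is not the SDK's own code and does not use its API: a plain net/http middleware that allows a request only when its Host header, and its Origin header when a browser sends one, name a loopback host. The mcpHandler placeholder, the loopbackHosts allowlist and the probe helper are assumptions made for the example; the SDK's own protection in v1.4.0 may differ in detail.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// mcpHandler is a stand-in (assumption, not the SDK's code) for a handler such
// as StreamableHTTPHandler; reaching it means a tool call would execute.
var mcpHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "tool invoked")
})

// loopbackHosts is the allowlist a localhost-only server should accept.
var loopbackHosts = []string{"localhost", "127.0.0.1", "::1"}

// hostAllowed strips any port from a Host header value and checks the rest
// against the allowlist with an exact, case-insensitive match. Exact matching
// matters: a suffix check would let "localhost.attacker.example" through.
func hostAllowed(hostHeader string, allowed map[string]bool) bool {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h
	}
	host = strings.Trim(strings.ToLower(host), "[]")
	return allowed[host]
}

// originAllowed applies the same rule to a browser-supplied Origin header.
func originAllowed(origin string, allowed map[string]bool) bool {
	u, err := url.Parse(origin)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false
	}
	return allowed[strings.ToLower(u.Hostname())]
}

// dnsRebindingGuard rejects any request whose Host header, or Origin when
// present, names a host outside the allowlist. After a rebind the attacker's
// page still sends "Host: attacker.example", so it never reaches mcpHandler.
func dnsRebindingGuard(allowedHosts []string, next http.Handler) http.Handler {
	allowed := make(map[string]bool, len(allowedHosts))
	for _, h := range allowedHosts {
		allowed[strings.ToLower(h)] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hostAllowed(r.Host, allowed) {
			http.Error(w, "forbidden: unexpected Host header", http.StatusForbidden)
			return
		}
		if o := r.Header.Get("Origin"); o != "" && !originAllowed(o, allowed) {
			http.Error(w, "forbidden: unexpected Origin header", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends a constructed request through a handler and returns the status
// code, so the scenarios below run without opening a socket.
func probe(h http.Handler, host, origin string) int {
	req := httptest.NewRequest(http.MethodPost, "http://"+host+"/mcp", strings.NewReader("{}"))
	req.Host = host
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	guarded := dnsRebindingGuard(loopbackHosts, mcpHandler)
	// A local client such as an IDE talking to the server directly.
	fmt.Println("local client   ", probe(guarded, "localhost:8080", ""))
	// A page served from localhost itself.
	fmt.Println("same-origin    ", probe(guarded, "127.0.0.1:8080", "http://127.0.0.1:8080"))
	// The rebinding case: attacker.example now resolves to 127.0.0.1, but the
	// browser still puts the attacker's name in Host and Origin.
	fmt.Println("rebound page   ", probe(guarded, "attacker.example:8080", "http://attacker.example"))
	// Suffix look-alike that a sloppy "ends with localhost" check would accept.
	fmt.Println("lookalike host ", probe(guarded, "localhost.attacker.example:8080", ""))
}
```

Two points worth keeping in mind when applying this pattern: the Host check only has meaning if the listener is bound to 127.0.0.1 rather than 0.0.0.0, because a host on the LAN can send any Host header it likes; and the Origin check is a browser-side defence only, since non-browser clients may omit the header entirely, which is why the guard treats a missing Origin as acceptable but a foreign one as a rejection.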
This is the third MCP Go SDK security issue in 90 days (CVE-2026-27896 JSON parsing bypass, CVE-2026-25536 session state sharing, now CVE-2026-34742). The pattern indicates systematic gaps in the official SDK's security posture, not isolated bugs. With MCP adoption accelerating across enterprises, the official SDK's security track record is now a category risk.
Immediate recommendation: update the MCP Go SDK to v1.4.0 or later. If you cannot update, do not run an MCP HTTP server on localhost without authentication; use the stdio transport for local development instead. In either case keep HTTP servers bound to 127.0.0.1 rather than 0.0.0.0, since DNS rebinding protection addresses browser-originated requests, not exposure to the local network.