CVE lookup
CVE-2026-34742
Pruva has a verified reproduction for CVE-2026-34742: Go MCP SDK DNS Rebinding - Server-Side Request Forgery on AI Infrastructure. The canonical evidence record is REPRO-2026-00129.
REPRO
REPRO-2026-00129
Package
github.com/modelcontextprotocol/go-sdk · Go module
Severity
HIGH
Status
published