What's the vulnerability?

DNS Rebinding vulnerability in Go MCP SDK < 1.4.0 allows attackers to bypass 127.0.0.1/localhost protection via DNS manipulation.

Attack:
1) Attacker controls DNS and resolves a malicious domain to their IP.
2) Sends an MCP request claiming a localhost origin.
3) MCP server accepts the connection based on DNS.
4) Attacker changes DNS to point to the real malicious IP.
5) Server connects to the attacker-controlled endpoint thinking it's localhost.

Result: SSRF, credential theft, internal network access.
Affects: Go MCP SDK < 1.4.0.
Fixed: v1.4.0 added DNS rebinding protection.
CVSS: 8.1.
Reproduction: Clone go-mcp-sdk v1.3.0, build the example server, simulate DNS rebinding with /etc/hosts manipulation, observe the server connecting to the attacker IP.
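A common form of the DNS rebinding protection that a localhost-bound server needs is validating the Host and Origin headers of every request against the names that actually mean "this machine", instead of trusting that a connection arriving on the loopback socket is local. The Go below is an added illustration of that check, not the Go MCP SDK's own implementation; the allowlist contents and the function names are assumptions made for the example.

```go
package main

import (
	"net"
	"net/http"
	"net/url"
	"strings"
)

// Hostnames that name the local machine. Constructed for this example; a real
// server would derive the set from the address it actually binds to.
var allowedHosts = map[string]bool{"localhost": true, "127.0.0.1": true, "::1": true}

// hostAllowed reports whether a Host header names the local machine. A rebound
// request reaches the loopback socket carrying the attacker's domain in Host,
// so matching on the header (not the socket) is what catches it.
func hostAllowed(host string) bool {
	h := host
	if hh, _, err := net.SplitHostPort(host); err == nil {
		h = hh // strip the port; IPv6 literals lose their brackets here
	}
	h = strings.ToLower(strings.Trim(h, "[]"))
	return allowedHosts[h]
}

// originAllowed applies the same rule to the browser-supplied Origin header.
// Non-browser clients (CLI tools) send no Origin and pass unchanged.
func originAllowed(origin string) bool {
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Hostname() == "" {
		return false
	}
	return allowedHosts[strings.ToLower(u.Hostname())]
}

// rebindingGuard wraps a handler and rejects requests whose Host or Origin
// does not name the local machine, before the MCP endpoint sees them.
func rebindingGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hostAllowed(r.Host) || !originAllowed(r.Header.Get("Origin")) {
			http.Error(w, "forbidden: non-local Host or Origin", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Wrap the MCP HTTP handler in rebindingGuard when registering it on the mux; a request whose Host is an attacker's domain is answered with 403 even though it arrived over 127.0.0.1.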

Root Cause Analysis

Variant Analysis

Bypass and alternate trigger exploration (if present).

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00129
or pruva-verify CVE-2026-34742
Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1. Download the script:

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00129/artifacts/repro/reproduction_steps.sh

2. Make executable:

chmod +x reproduction_steps.sh

3. Run the script:

./reproduction_steps.sh
Run in a VM, container, or disposable environment. This exploits a real vulnerability.


Artifacts

repro/rca_report.md (7.9 KB)
repro/reproduction_steps.sh (10.2 KB)
vuln_variant/rca_report.md (7.5 KB)
vuln_variant/reproduction_steps.sh (14.0 KB)
coding/proposed_fix.diff (4.6 KB)
bundle/ticket.json (1.3 KB)
bundle/AGENTS.repro.md (0.9 KB)
bundle/ticket.md (0.9 KB)
repro/runtime_manifest.json (0.7 KB)
repro/validation_verdict.json (0.7 KB)
logs/build.log (0.0 KB)
logs/go_mod.log (0.0 KB)
logs/server.log (0.1 KB)
logs/execution.log (1.4 KB)
vuln_variant/variant_manifest.json (2.5 KB)
vuln_variant/runtime_manifest.json (1.9 KB)
vuln_variant/test_env_bypass/go.sum (1.5 KB)
vuln_variant/test_env_bypass/main.go (1.0 KB)
vuln_variant/test_env_bypass/go.mod (0.5 KB)
vuln_variant/test_disable_protection/go.sum (1.5 KB)
vuln_variant/test_disable_protection/main.go (1.1 KB)
vuln_variant/test_disable_protection/go.mod (0.5 KB)
vuln_variant/source_identity.json (0.7 KB)
vuln_variant/patch_analysis.md (4.9 KB)
vuln_variant/validation_verdict.json (2.3 KB)
vuln_variant/test_sse_variant/go.sum (1.5 KB)
vuln_variant/test_sse_variant/main.go (1.0 KB)
vuln_variant/test_sse_variant/go.mod (0.5 KB)
logs/vuln_variant/go_mod_disable.log (0.1 KB)
logs/vuln_variant/test_disable_bypass.log (0.2 KB)
logs/vuln_variant/sse_server.log (0.1 KB)
logs/vuln_variant/build_env.log (0.0 KB)
logs/vuln_variant/build_sse_variant.log (0.0 KB)
logs/vuln_variant/env_server.log (0.1 KB)
logs/vuln_variant/disable_server.log (0.1 KB)
logs/vuln_variant/go_mod_sse_variant.log (0.1 KB)
logs/vuln_variant/build_disable.log (0.0 KB)
logs/vuln_variant/vulnerable_commit.txt (0.0 KB)
logs/vuln_variant/test1_normal.log (0.0 KB)
logs/vuln_variant/test_env_bypass.log (0.2 KB)
logs/vuln_variant/test2_dns_rebinding.log (0.0 KB)
logs/vuln_variant/test1_get.log (0.1 KB)
logs/vuln_variant/patched_commit.txt (0.0 KB)
logs/vuln_variant/test1_localhost.log (0.0 KB)
logs/vuln_variant/go_mod_env.log (0.1 KB)
logs/vuln_variant/execution_2.log (3.3 KB)
logs/vuln_variant/execution.log (1.3 KB)
coding/verify_fix.sh (0.8 KB)
coding/summary_report.md (2.9 KB)