/usr/lib/go-1.23/bin/go
==========================================
CVE-2026-34742 Variant/Bypass Reproduction
SSEHandler DNS Rebinding Bypass
==========================================


Source Identity Verification:
Vulnerable SDK (v1.3.0):
6b75899fd7dbc168b44b9403b7556be077f88fee

Patched SDK (v1.4.0):
c9317fb5b75328ca2faeaf8ea0e23a53c37de49f

========================================
VARIANT 1: SSEHandler DNS Rebinding
Testing against PATCHED version (v1.4.0)
========================================

Building SSE variant test against PATCHED SDK...
go: module /data/pruva/runs/56f9c542-afe7-4761-a739-9003d0c95298/go-sdk-patched requires go >= 1.24.0; switching to go1.25.8
# sse_bypass_test
./main.go:4:2: "encoding/json" imported and not used
./main.go:26:5: cannot use func(r *mcp.CallToolRequest) (*mcp.CallToolResult, error) {…} (value of type func(r *mcp.CallToolRequest) (*mcp.CallToolResult, error)) as mcp.ToolHandler value in argument to server.AddTool
ERROR: Failed to build SSE variant test
# sse_bypass_test
./main.go:4:2: "encoding/json" imported and not used
./main.go:26:5: cannot use func(r *mcp.CallToolRequest) (*mcp.CallToolResult, error) {…} (value of type func(r *mcp.CallToolRequest) (*mcp.CallToolResult, error)) as mcp.ToolHandler value in argument to server.AddTool