{
  "variant_id": "CVE-2026-34742-SSEHandler-Bypass",
  "created_at": "2026-04-04T13:00:00Z",
  "variant_summary": "DNS Rebinding bypass in Go MCP SDK v1.4.0 via SSEHandler. The patch for CVE-2026-34742 only fixed StreamableHTTPHandler but left SSEHandler unprotected, allowing the same DNS rebinding attack to succeed through SSE endpoints.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "https://github.com/modelcontextprotocol/go-sdk",
  "submitted_target": {
    "target_kind": "git_tag",
    "version": "v1.3.0",
    "ref": "v1.3.0",
    "display": "v1.3.0 (vulnerable)"
  },
  "variant_target": {
    "target_kind": "git_tag",
    "commit_sha": "c9317fb5b75328ca2faeaf8ea0e23a53c37de49f",
    "version": "v1.4.0",
    "ref": "v1.4.0",
    "display": "v1.4.0 (partially patched)"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "DNS Rebinding via StreamableHTTPHandler",
  "validated_surface": "DNS Rebinding via SSEHandler (bypass of StreamableHTTPHandler fix)",
  "required_entrypoint_kind": "http_endpoint",
  "required_entrypoint_detail": "SSEHandler.ServeHTTP endpoint at /mcp (or custom path)",
  "attacker_controlled_input": "HTTP Host header, DNS resolution",
  "trigger_path": "mcp/sse.go:181 -> SSEHandler.ServeHTTP processes request without validating Host header against local bind address",
  "observed_impact_class": "ssrf",
  "exploitability_confidence": "high",
  "evidence_scope": "runtime",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": true,
  "inferred": false,
  "file_path": "mcp/sse.go",
  "line_start": 181,
  "line_end": 250,
  "secondary_anchors": [
    {
      "file_path": "mcp/streamable.go",
      "line_start": 230,
      "line_end": 241,
      "note": "Protection logic that should be replicated in SSEHandler"
    },
    {
      "file_path": "mcp/streamable.go",
      "line_start": 167,
      "line_end": 172,
      "note": "DisableLocalhostProtection option documentation"
    },
    {
      "file_path": "internal/mcpgodebug/mcpgodebug.go",
      "line_start": 1,
      "line_end": 50,
      "note": "Environment variable bypass mechanism"
    }
  ],
  "review_scope_paths": [
    "mcp/sse.go",
    "mcp/streamable.go",
    "internal/mcpgodebug/",
    "internal/util/net.go"
  ],
  "artifact_refs": {
    "variant_manifest": "vuln_variant/variant_manifest.json",
    "validation_verdict": "vuln_variant/validation_verdict.json",
    "runtime_manifest": "vuln_variant/runtime_manifest.json",
    "repro_log": "logs/vuln_variant/execution.log"
  }
}