{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-23T23:44:16Z",
  "bugzilla" : {
    "description" : "encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery",
    "id" : "2450542",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2450542"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-940",
  "details" : [ "The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution. Version 1.4.1 contains a patch for the issue.", "A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard `encoding/json` package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site `POST` requests to a local server without proper validation of the `Origin` header or `Content-Type`, an attacker can potentially trigger unauthorized tool execution." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Dev Spaces 3.28",
    "release_date" : "2026-05-28T00:00:00Z",
    "advisory" : "RHSA-2026:21772",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.28::el9",
    "package" : "devspaces/udi-rhel9:1779829736"
  } ],
  "package_state" : [ {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "migration-toolkit-virtualization/mtv-cli-download-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "mtv-candidate/mtv-api-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "mtv-candidate/mtv-cli-download-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "mtv-candidate/mtv-controller-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "mtv-candidate/mtv-operator-bundle",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Not affected",
    "package_name" : "openshift-lightspeed/openshift-mcp-server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Affected",
    "package_name" : "openshift-serverless-1/kn-client-kn-rhel9",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Affected",
    "package_name" : "openshift-serverless-1/kn-plugin-func-func-util-rhel9",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Affected",
    "package_name" : "openshift-serverless-clients",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Not affected",
    "package_name" : "golang1.25",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Not affected",
    "package_name" : "golang1.26",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-33252\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33252\nhttps://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc\nhttps://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-89xv-2j6f-qhc8" ],
  "name" : "CVE-2026-33252",
  "mitigation" : {
    "value" : "To mitigate this vulnerability, ensure that deployments utilizing the Go MCP SDK are configured with proper authorization mechanisms. This prevents unauthorized cross-site requests from triggering tool execution. Additionally, restrict network access to the local server running the SDK to trusted sources only, using firewall rules to limit exposure.",
    "lang" : "en:us"
  },
  "csaw" : false
}