MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a local or network-private java-sdk MCP server via a victim's browser that is either local or network-adjacent. This allows an attacker to make any tool call to the server as if they were a locally running, MCP-connected AI agent. This vulnerability is fixed in 1.0.0.
mcp_java_sdk
Vendor: lfprojects
Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 0
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 5
Avg. EPSS (Exploit Prob.): 0.18%
Security Vulnerability Index
CVSS: 7.6
Severity: HIGH
CVSS: 6.1
CVE-2026-34237
RCE
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 0.83.0, 1.0.1, and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 0.83.0, 1.0.1, and 1.1.1.
Severity: MEDIUM