VYPR

Maven package

io.modelcontextprotocol.sdk/mcp-core

pkg:maven/io.modelcontextprotocol.sdk/mcp-core

Vulnerabilities (2)

  • CVE-2026-35568MedApr 7, 2026
    affected < 1.0.0fixed 1.0.0

    MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that i

  • CVE-2026-34237MedMar 31, 2026
    affected < 1.0.1fixed 1.0.1

    MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 0.83.0, 1.0.1, and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 0.83.0, 1.0.1, and 1.1.1.