CVE-2026-42559

Severity: HIGH 7.5 | EPSS: 0.01%

DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

Published: 5/18/2026 | Modified: 5/19/2026
Also known as: GHSA-89vp-x53w-74fx, GHSA-fvh2-gm75-j4j7, CGA-9xhh-g3m3-9725, RUSTSEC-2026-0140

Description

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive `rmcp` dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local `dynoxide mcp --http` or `dynoxide serve --mcp` server with a non-loopback `Host` header, which the server would then process.

The Host check alone did not close a related cross-origin CSRF vector: a page could `fetch` the loopback endpoint with `mode: 'no-cors'`, and the Host header would match while the Origin header went unchecked.

Affected MCP write tools include `put_item`, `update_item`, `delete_item`, `create_table`, and `batch_write_item`. The stdio transport (`dynoxide mcp` without `--http`) is not affected.

Patches

dynoxide 0.9.13 closes both vectors:

- Upgrades `rmcp` from 1.1.1 to 1.6.0 (which ships a default Host-header allowlist).
- Sets explicit `allowed_hosts` and `allowed_origins` on `StreamableHttpServerConfig`.
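An added example (not dynoxide's or rmcp's code) of the two checks the patch describes: a Host allowlist that rejects the DNS-rebinding request, and an Origin allowlist that catches the `no-cors` fetch the Host check alone lets through. The allowlists, the `check_request` function and the header values are constructed for illustration.

```rust
// Added example: the two header checks a loopback-only HTTP MCP server needs.
// A Host check alone defeats DNS rebinding; the Origin check is what stops a
// web page's fetch(url, { mode: 'no-cors' }), whose Host header is loopback.

/// Hosts the server accepts (hypothetical allowlist, compared without port).
const ALLOWED_HOSTS: &[&str] = &["localhost", "127.0.0.1", "[::1]"];
/// Origins allowed to call it; any other browser origin is rejected.
const ALLOWED_ORIGINS: &[&str] = &["http://localhost", "http://127.0.0.1"];

#[derive(Debug, PartialEq)]
pub enum Verdict { Allowed, BadHost, BadOrigin }

/// Remove a trailing `:<digits>` port; bracketed IPv6 literals stay intact.
fn strip_port(s: &str) -> &str {
    match s.rfind(':') {
        Some(i) if !s[i + 1..].is_empty()
            && s[i + 1..].bytes().all(|b| b.is_ascii_digit()) => &s[..i],
        _ => s,
    }
}

/// Validate one request. `origin` is `None` for non-browser clients (an MCP
/// client library, curl), which send no Origin header; browsers always send
/// one, and `Origin: null` from an opaque context is treated as untrusted.
pub fn check_request(host: &str, origin: Option<&str>) -> Verdict {
    let host = strip_port(host).to_ascii_lowercase();
    if !ALLOWED_HOSTS.contains(&host.as_str()) {
        return Verdict::BadHost; // DNS rebinding: Host names an attacker domain
    }
    match origin {
        None => Verdict::Allowed,
        Some(o) => {
            let o = strip_port(o).to_ascii_lowercase();
            if ALLOWED_ORIGINS.contains(&o.as_str()) {
                Verdict::Allowed
            } else {
                Verdict::BadOrigin // cross-site fetch: Host matched, Origin did not
            }
        }
    }
}

fn main() {
    // Constructed header sets mirroring the advisory's cases.
    println!("{:?}", check_request("127.0.0.1:3000", None));
    println!("{:?}", check_request("attacker.example:3000", None));
    println!("{:?}", check_request("127.0.0.1:3000", Some("https://attacker.example")));
}
```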

Affected packages (4)

CVSS scores

Source | Version  | Severity | Vector
osv    | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (13)