CVE-2026-42559
DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport
## Description
dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive `rmcp` dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local `dynoxide mcp --http` or `dynoxide serve --mcp` server with a non-loopback `Host` header, which the server would then process.

The Host check alone did not close a related cross-origin CSRF vector: a page could `fetch` the loopback endpoint with `mode: 'no-cors'`, and the Host header would match while the Origin header went unchecked.

Affected MCP write tools include `put_item`, `update_item`, `delete_item`, `create_table`, and `batch_write_item`. The stdio transport (`dynoxide mcp` without `--http`) is not affected.

## Patches

dynoxide 0.9.13 closes both vectors:

- Upgrades `rmcp` from 1.1.1 to 1.6.0 (which ships a default Host-header allowlist).
- Sets explicit `allowed_hosts` and `allowed_origins` on `StreamableHttpServerConfig`.
## How to patch CVE-2026-42559

To patch CVE-2026-42559, upgrade the affected packages to the fixed versions listed below.

- — Upgrade to 0.9.13 or later
- — Upgrade to 0.9.13 or later
- — Upgrade to 1.4.0 or later
- — Upgrade to 0.9.13 or later
## Is CVE-2026-42559 being exploited?

Low — EPSS is 0.0%; no widespread exploitation activity has been observed so far.
## Affected packages (4)
- >= 0.9.3, < 0.9.13
- >= 0.9.3, < 0.9.13
- from 0, < 1.4.0
- >= 0.9.3, < 0.9.13
## CVSS score

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |