CVE-2026-42559: RMCP Rust SDK Vulnerable to DNS Rebinding

The National Vulnerability Database has issued an advisory for CVE-2026-42559, affecting the RMCP Rust SDK. Specifically, the rmcp crate’s Streamable HTTP server transport, found in crates/rmcp/src/transport/streamable_http_server/, did not validate the incoming Host header prior to version 1.4.0. This flaw opens the door to DNS rebinding attacks.

Attackers can leverage this vulnerability by hosting a malicious public website. In a DNS rebinding attack the attacker’s domain name is re-pointed to a loopback or private address after the page has loaded, so the browser treats the victim’s MCP server as the same origin as the attacker’s page. When a victim browses the site, it can therefore send authenticated requests to an MCP server running on the victim’s loopback or private-network interface. Because the Host header is never checked, the server processes these requests as if they came from a legitimate client, effectively bypassing the same-origin policy and network segmentation. This bypass is rated 8.8 (HIGH) on the CVSS scale.

The fix is available in version 1.4.0 of the rmcp crate. Organizations utilizing the RMCP Rust SDK must prioritize this update. Ignoring Host header validation is a fundamental security misstep that attackers consistently exploit to pivot from client-side compromises to internal network access. This isn’t theoretical; it’s a proven attack vector that puts internal services at risk.
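An added example, not code from the rmcp crate: a std-only Rust allowlist check of the kind that closes this class of bug, applied to the raw Host header before a request is processed. The allowlist LOOPBACK_HOSTS and the function names are assumptions for a server bound to the loopback interface.

```rust
/// Split "host[:port]" into the host part, handling bracketed IPv6 literals.
/// Returns None for values that are empty or not a valid host[:port] form.
fn host_without_port(host: &str) -> Option<&str> {
    let host = host.trim();
    if host.is_empty() {
        return None;
    }
    if let Some(rest) = host.strip_prefix('[') {
        // "[::1]:8080" -> "[::1]"; keep the brackets so the allowlist form matches.
        let end = rest.find(']')?;
        return Some(&host[..end + 2]);
    }
    match host.rsplit_once(':') {
        // One ':' means host:port. More than one would be a bare IPv6 literal,
        // which must be bracketed in a Host header, so it is rejected.
        Some((h, port)) if !h.contains(':') && port.chars().all(|c| c.is_ascii_digit()) => Some(h),
        Some(_) => None,
        None => Some(host),
    }
}

/// Mitigation for the CVE: accept a request only when its Host header names
/// one of the hosts this server is meant to be reached under. A rebound
/// request carries the attacker's domain in Host and is refused; a missing or
/// malformed header is refused too. Comparison is case-insensitive.
pub fn host_allowed(host_header: Option<&str>, allowed: &[&str]) -> bool {
    host_header
        .and_then(host_without_port)
        .map(|h| allowed.iter().any(|a| a.eq_ignore_ascii_case(h)))
        .unwrap_or(false)
}

/// Assumed default allowlist for a server bound to the loopback interface.
pub const LOOPBACK_HOSTS: &[&str] = &["localhost", "127.0.0.1", "[::1]"];

fn main() {
    // Constructed sample headers: two local clients and a rebound request from
    // an attacker-controlled name that now resolves to 127.0.0.1.
    for h in ["localhost:8080", "[::1]:8080", "attacker.example:8080"] {
        let verdict = if host_allowed(Some(h), LOOPBACK_HOSTS) {
            "accept"
        } else {
            "reject (421 Misdirected Request)"
        };
        println!("Host: {h:<24} -> {verdict}");
    }
}
```

A server bound to a non-loopback address must extend the allowlist with the hostnames it is actually reached under, otherwise legitimate clients are rejected along with rebound ones.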

What This Means For You

  • If your organization develops or uses applications built with the RMCP Rust SDK, specifically the `rmcp` crate, you are directly exposed to DNS rebinding attacks. Check your dependencies immediately and ensure all instances are updated to version 1.4.0 or newer to mitigate CVE-2026-42559. This isn't a future problem; attackers are already chaining browser-based exploits with internal network access vulnerabilities like this.

Detection Rules

Three detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; one is reproduced below as Sigma YAML.

Level: high · ATT&CK: T1189 (Initial Access)

CVE-2026-42559: RMCP Rust SDK Host Header DNS Rebinding Attempt

Sigma YAML:
title: 'CVE-2026-42559: RMCP Rust SDK Host Header DNS Rebinding Attempt'
id: scw-2026-05-14-ai-1
status: experimental
level: high
description: |
  Detects potential DNS rebinding attacks targeting the RMCP Rust SDK. This rule looks for
  HTTP POST requests to '/rmcp' endpoints, originating from a public website (indicated by
  the referer header), and directed towards localhost (127.0.0.1). This behavior is specific
  to CVE-2026-42559, where the SDK did not validate the Host header, allowing external sites
  to bind to internal services.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42559/
tags:
  - attack.initial_access
  - attack.t1189
logsource:
  category: webserver
detection:
  selection:
    cs-uri.keyword: '*'
    referer|contains:
      - 'http://'
    cs-method: 'POST'
    cs-uri-query|contains:
      - '/rmcp'
    dst_ip: '127.0.0.1'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

ID             | Type             | Indicator
CVE-2026-42559 | Auth Bypass      | rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) in RMCP prior to version 1.4.0
CVE-2026-42559 | Misconfiguration | Lack of Host header validation in RMCP Streamable HTTP server transport
CVE-2026-42559 | Auth Bypass      | DNS rebinding attack against RMCP server

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 14, 2026 at 18:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
