CVE-2026-34237
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 1.0.1 and 1.1.1.
The official Java SDK for Model Context Protocol servers and clients. Maintained in collaboration with Spring AI
GitHub