CVE-2026-34237 | modelcontextprotocol java-sdk up to 1.0.0/1.1.0 cross-domain policy

A vulnerability labeled as critical has been found in modelcontextprotocol java-sdk up to 1.0.0/1.1.0. This vulnerability affects unknown code. Such manipulation leads to permissive cross-domain policy with untrusted domains.

This vulnerability is traded as CVE-2026-34237. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More