{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27896", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T15:19:29.717Z", "datePublished": "2026-02-26T00:47:46.967Z", "dateUpdated": "2026-02-26T17:06:41.150Z"}, "containers": {"cna": {"title": "MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity", "problemTypes": [{"descriptions": [{"cweId": "CWE-178", "lang": "en", "description": "CWE-178: Improper Handling of Case Sensitivity", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-436", "lang": "en", "description": "CWE-436: Interpretation Conflict", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f"}, {"name": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0", "tags": ["x_refsource_MISC"], "url": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0"}], "affected": [{"vendor": "modelcontextprotocol", "product": "go-sdk", "versions": [{"version": "< 1.3.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T00:47:46.967Z"}, "descriptions": [{"lang": "en", "value": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags \u2014 a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue."}], "source": {"advisory": "GHSA-wvj2-96wp-fq3f", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T17:06:14.973622Z", "id": "CVE-2026-27896", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:06:41.150Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27896", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T17:06:14.973622Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:06:34.996Z"}}], "cna": {"title": "MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity", "source": {"advisory": "GHSA-wvj2-96wp-fq3f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "modelcontextprotocol", "product": "go-sdk", "versions": [{"status": "affected", "version": "< 1.3.1"}]}], "references": [{"url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f", "name": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0", "name": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags \u2014 a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-178", "description": "CWE-178: Improper Handling of Case Sensitivity"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T00:47:46.967Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27896", "state": "PUBLISHED", "dateUpdated": "2026-02-26T17:06:41.150Z", "dateReserved": "2026-02-24T15:19:29.717Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-26T00:47:46.967Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mcp_go_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "F490537C-6089-4989-A1B4-4072EADBA4DF", "versionEndExcluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags \u2014 a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue."}, {"lang": "es", "value": "El SDK de Go MCP utilizaba la funci\u00f3n est\u00e1ndar `encoding/json.Unmarshal` de Go para el an\u00e1lisis de mensajes del protocolo JSON-RPC y MCP en versiones anteriores a la 1.3.1. La biblioteca est\u00e1ndar de Go realiza una coincidencia que no distingue entre may\u00fasculas y min\u00fasculas de las claves JSON con las etiquetas de campo de las estructuras \u2014 un campo etiquetado como json:'method' tambi\u00e9n coincidir\u00eda con 'Method', 'METHOD', etc. Esto violaba la especificaci\u00f3n JSON-RPC 2.0, que define nombres de campo exactos. Un par MCP malicioso podr\u00eda haber sido capaz de enviar mensajes de protocolo con un uso de may\u00fasculas y min\u00fasculas no est\u00e1ndar en los campos que el SDK aceptar\u00eda silenciosamente. Esto ten\u00eda el potencial de eludir la inspecci\u00f3n intermedia y la inconsistencia entre implementaciones. El desenmascaramiento JSON est\u00e1ndar de Go fue reemplazado por un decodificador que distingue entre may\u00fasculas y min\u00fasculas en el commit 7b8d81c. Se aconseja a los usuarios actualizar a la versi\u00f3n 1.3.1 para resolver este problema."}], "id": "CVE-2026-27896", "lastModified": "2026-04-14T00:40:00.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T01:16:25.630", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-178"}, {"lang": "en", "value": "CWE-436"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "modelcontextprotocol/go-sdk: improper handling of case sensitivity", "id": "2442903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442903"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-178", "details": ["The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags \u2014 a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.", "A flaw was found in the Go MCP SDK. This issue occurs due to an improper handling of case sensitivity during JSON-RPC message parsing, specifically in the matching of JSON keys to struct field tags. This behavior violates the JSON-RPC 2.0 specification, which explicitly requires case-sensitive field name matching. A malicious MCP peer able to send protocol messages with non-standard field casing can potentially bypass intermediary inspection, allowing attackers to smuggle payloads past upstream filters and cause cross-implementation inconsistency."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw, strictly enforce JSON-RPC case sensitivity before payload processing or harden upstream WAF and proxy rules to explicitly block improperly cased requests at the network edge."}, "name": "CVE-2026-27896", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-cli-download-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "mtv-candidate/mtv-api-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "mtv-candidate/mtv-cli-download-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "mtv-candidate/mtv-controller-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "mtv-candidate/mtv-operator-bundle", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed/openshift-mcp-server-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "openshift-serverless-1/kn-client-kn-rhel9", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "openshift-serverless-1/kn-plugin-func-func-util-rhel9", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-dashboard-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-gen-ai-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-mod-arch-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-02-26T00:47:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27896\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27896\nhttps://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0\nhttps://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f"], "statement": "This issue is only exploitable in MCP Go SDK backends deployed behind an intermediary security control, like a WAF, inspection proxy or strict firewall that enforces the JSON-RPC 2.0 specification. This vulnerability allows an attacker to bypass the upstream filter and deliver a message to the backend. However, the attacker is still constrained by the normal business logic of the application and cannot cause memory access, arbitrary command execution or grant database administrative rights. Due to these reasons, this flaw has been rated with an important severity.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "go-sdk", "vendor": "modelcontextprotocol"}], "analysis": {"en": {"generated_at": "2026-04-17T14:35:35.447442+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch by updating the MCP Go SDK to version 1.3.1 or later, which introduces a case-sensitive JSON decoder.", "After updating, enforce strict validation of all received JSON-RPC messages and log any use of non-standard field casing for audit purposes.", "Limit the SDK\u2019s exposure by restricting its use to trusted MCP peers and, where feasible, perform peer authentication before accepting protocol traffic."], "summary": {"action": "Patch", "impact": "Protocol validation bypass leading to unauthorized behavior"}, "threat_synthesis": {"affected_systems": "Users employing the MCP Go SDK prior to version 1.3.1 are affected. The affected product is the modelcontextprotocol go-sdk, also known as lfprojects:mcp_go_sdk. Any deployment that relies on this SDK for handling MCP protocol or JSON-RPC messages must upgrade to version 1.3.1 or later to receive the case-sensitive JSON decoder that was introduced in commit 7b8d81c.", "description_and_impact": "The vulnerability arises from the Go MCP SDK's use of Go's standard encoding/json.Unmarshal for parsing JSON-RPC and MCP protocol messages in versions before 1.3.1. Unlike the JSON-RPC 2.0 specification, which requires exact matching of field names, this unmarshal routine matches keys case-insensitively. As a result, a field tagged json:\"method\" would also match \"Method\", \"METHOD\", or any other casing variant. An attacker able to control the content of a remote MCP peer could send protocol messages that use non-standard casing. The SDK would accept these values silently, potentially bypassing intermediary inspection and exposing inconsistencies between implementations. The outcome could be unauthorized manipulation of protocol behavior or the execution of unintended actions, depending on how the application uses the parsed data. The issue is reflected by CWE-178 (Improper Validation of Arguments) and CWE-436 (Improper Treatment of Input).", "risk_and_exploitability": "The CVSS v3.1 score for this flaw is 7.0, indicating a high severity. The EPSS score is below 1%, showing that the probability of public exploitation at this time is very low. The vulnerability is not listed in the CISA KEV catalog. The likely attack path involves a malicious MCP peer that sends JSON-RPC messages with improperly cased field names. Since the untrusted peer input is parsed without strict field name validation, an attacker can trigger the SDK to treat these messages as valid, bypassing checks that would normally reject them. The impact is confined to systems that use the affected SDK version and accept connections from such peers; however, the non-compliant behavior can lead to unpredictable application behavior, data corruption, or other unintended effects."}}}}, "created": "2026-02-26T13:10:16.029624+00:00", "updated": "2026-04-17T14:45:21.027125+00:00", "vendors": ["modelcontextprotocol", "modelcontextprotocol$PRODUCT$go-sdk"]}