CVE-2026-42559
DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport
Description
dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive `rmcp` dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local `dynoxide mcp --http` or `dynoxide serve --mcp` server with a non-loopback `Host` header, which the server would then process.

The Host check alone did not close a related cross-origin CSRF vector: a page could `fetch` the loopback endpoint with `mode: 'no-cors'`, and the Host header would match while the Origin header went unchecked.

Affected MCP write tools include `put_item`, `update_item`, `delete_item`, `create_table`, and `batch_write_item`. The stdio transport (`dynoxide mcp` without `--http`) is not affected.

Patches
dynoxide 0.9.13 closes both vectors:
- Upgrades `rmcp` from 1.1.1 to 1.6.0 (which ships a default Host-header allowlist).
- Sets explicit `allowed_hosts` and `allowed_origins` on `StreamableHttpServerConfig`.
How to fix CVE-2026-42559
To remediate CVE-2026-42559, upgrade the affected package to a fixed version below.
- —upgrade to 0.9.13 or later
- —upgrade to 0.9.13 or later
- —upgrade to 1.4.0 or later
- —upgrade to 0.9.13 or later
Is CVE-2026-42559 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 0.9.3, < 0.9.13
- >= 0.9.3, < 0.9.13
- from 0, < 1.4.0
- >= 0.9.3, < 0.9.13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |