GHSA-46gc-mwh4-cc5r

Suggest an improvement
Source
https://github.com/advisories/GHSA-46gc-mwh4-cc5r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-46gc-mwh4-cc5r/GHSA-46gc-mwh4-cc5r.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-46gc-mwh4-cc5r
Aliases
Published
2025-12-03T16:07:31Z
Modified
2025-12-03T19:01:30.073878Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H CVSS Calculator
Summary
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode
Details

Impact

When ran in sse or streaming mode (--transport), the Docker MCP Gateway is vulnerable to a DNS rebinding attack.

Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be manipulated by an attacker who is able to get a victim to visit a malicious website, or if a victim is served a malicious advertisement.

The MCP Gateway is not prone to this attack when started in its default stdio mode, which does not listen on any network ports.

Patches

Patch available in version v0.28.0

Workarounds

Do not start the MCP gateway in sse or streaming mode (use default stdio)

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-03T16:07:31Z",
    "nvd_published_at": "2025-12-03T18:15:46Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-749"
    ]
}
References

Affected packages

Go / github.com/docker/mcp-gateway

Package

Name
github.com/docker/mcp-gateway
View open source insights on deps.dev
Purl
pkg:golang/github.com/docker/mcp-gateway

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.28.0

Database specific

last_known_affected_version_range

"<= 0.27.0"