CVE advisoryCRITICAL
CVE-2026-11624
Model Context Protocol DNS Rebinding Vulnerability
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
The Model Context Protocol is vulnerable to DNS rebinding attacks if incoming connections are not validated. This could allow an attacker to trick a user's browser into making unauthorized requests. Newer versions offer configuration options to mitigate this risk.