CVE-2026-35577— Missing Host Header Validation in Apollo MCP Server for Localhost Deployments
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35577
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Host Header Validation in Apollo MCP Server for Localhost Deployments
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run on localhost without additional authentication or network-level controls, this could potentially allow a malicious website—visited by a user running the server locally—to use DNS rebinding techniques to bypass same-origin policy restrictions and issue requests to the local MCP server. If successfully exploited, this could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the local user. This issue is limited to HTTP-based transport modes (StreamableHTTP). It does not affect servers using stdio transport. The practical risk is further reduced in deployments that use authentication, network-level access controls, or are not bound to localhost. This vulnerability is fixed in 1.7.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
源验证错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apollo MCP Server 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apollo MCP Server是Apollo GraphQL开源的一个将GraphQL操作暴露为AI工具的服务端。 Apollo MCP Server 1.7.0之前版本存在访问控制错误漏洞,该漏洞源于使用StreamableHTTP传输时未验证传入HTTP请求的Host标头,可能导致恶意网站通过DNS重绑定技术绕过同源策略限制并发起请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| apollographql | apollo-mcp-server | < 1.7.0 | - |
II. Public POCs for CVE-2026-35577
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35577
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: apollographql
- CVE-2026-23897
Apollo Server is vulnerable to denial of service with `start - CVE-2025-64530
@apollo/composition has Improper Enforcement of Access Contr - CVE-2025-64347
Apollo Router Improperly Enforces Renamed Access Control Dir - CVE-2025-64173
Apollo Router Core: Access Control Bypass on Polymorphic Typ - CVE-2025-59845
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via
Same weakness: CWE-346
- CVE-2026-6508
RCE in TUBITAK BILGEM's Liderahenk - CVE-2026-43870
Apache Thrift: Node.js web_server.js multi-vulnerability - CVE-2026-7439
AgentFlow Local Web API Content-Type Validation Bypass - CVE-2026-41398
OpenClaw - Unauthorized Agent Request Dispatch via Untrusted - CVE-2026-41393
OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance an
V. Comments for CVE-2026-35577
No comments yet