CVE-2026-33946: MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
The Ruby SDK's streamable_http_transport.rb implementation does not bind a session to anything beyond its session ID. An attacker who obtains a valid session ID, through whatever channel it leaked, can replay it on a request for the Server-Sent Events (SSE) stream, take over the victim's stream and intercept all real-time data the server delivers on it. Because the ID is effectively a bearer credential in this design, operators should keep it out of logs, URLs and shared caches, and upgrade to a release that includes the referenced commit (the v0.9.2 release tag is listed below).
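As an added example, not the SDK's code and not the change in the referenced commit, the Ruby sketch below contrasts a session table that hands the SSE stream to anyone presenting the session ID with one that binds each session to the principal the auth layer established when the session was created. The class names, principal strings and the pushed event are constructed for the demo, and the idea that the transport knows a caller's principal is an assumption here; the single-active-stream rule is an extra design choice, not something the page states.

```ruby
require "securerandom"

# Constant-time comparison for the principal check, so a mismatch does not
# leak through timing. (OpenSSL.secure_compare would also do; this avoids
# the dependency.)
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable pattern (hypothetical model): the session ID is the only
# credential. Whoever presents a valid ID on the stream request is attached
# to that session's event stream, regardless of who they are.
class IdOnlySessionStore
  def initialize
    @sessions = {}
  end

  def create(principal:)
    id = SecureRandom.uuid
    @sessions[id] = { principal: principal, events: [] }
    id
  end

  # Models the GET handler that opens the SSE stream. `principal` is the
  # identity the auth layer established for the caller; it is ignored here.
  def attach_stream(session_id, principal:)
    session = @sessions[session_id]
    return :unknown_session unless session
    session[:events]
  end

  # Server-side delivery of an event onto a session's stream.
  def push(session_id, event)
    @sessions.fetch(session_id)[:events] << event
  end
end

# Hardened pattern (hypothetical model): the session stays bound to the
# principal it was created for, a replayed ID from anyone else is refused,
# and only one stream may be attached at a time so a replay cannot race
# the legitimate client either.
class BoundSessionStore < IdOnlySessionStore
  def create(principal:)
    id = super
    @sessions[id][:attached] = false
    id
  end

  def attach_stream(session_id, principal:)
    session = @sessions[session_id]
    return :unknown_session unless session
    return :forbidden unless secure_equal?(session[:principal], principal)
    return :conflict if session[:attached]
    session[:attached] = true
    session[:events]
  end

  # Called when the legitimate client's stream closes.
  def detach(session_id)
    @sessions.fetch(session_id)[:attached] = false
  end
end

# Replays a victim's session ID from a different principal against `store`
# and reports what the store did. Principals and the event are constructed.
def replay_demo(store)
  victim_id = store.create(principal: "user:alice")
  victim_stream = store.attach_stream(victim_id, principal: "user:alice")
  # The attacker has learned victim_id (log leak, shared proxy, ...) and replays it.
  attacker_view = store.attach_stream(victim_id, principal: "user:mallory")
  store.push(victim_id, "event: message\ndata: {\"jsonrpc\":\"2.0\",\"id\":1,\"result\":{\"note\":\"private\"}}")
  {
    attacker_result: attacker_view.is_a?(Array) ? :stream_attached : attacker_view,
    attacker_sees_victim_data: attacker_view.equal?(victim_stream),
    victim_events: victim_stream.size,
  }
end

if $PROGRAM_NAME == __FILE__
  puts "id-only store: #{replay_demo(IdOnlySessionStore.new)}"
  puts "bound store:   #{replay_demo(BoundSessionStore.new)}"
end
```

With the ID-only store the attacker's attach returns the very same event array the victim is reading, so the event pushed afterwards is visible to both; with the bound store the replay gets `:forbidden` and the victim's stream is untouched. Binding to the principal is what closes the hole; the `:conflict` rule only narrows the window in which a stolen ID could be used by a same-principal replay.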
References
- github.com/advisories/GHSA-qvqr-5cv7-wh35
- github.com/modelcontextprotocol/csharp-sdk/blob/main/src/ModelContextProtocol.AspNetCore/SseHandler.cs
- github.com/modelcontextprotocol/go-sdk/blob/main/mcp/streamable.go
- github.com/modelcontextprotocol/python-sdk/blob/main/src/mcp/server/streamable_http.py
- github.com/modelcontextprotocol/ruby-sdk
- github.com/modelcontextprotocol/ruby-sdk/blob/main/examples/streamable_http_server.rb
- github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874
- github.com/modelcontextprotocol/ruby-sdk/releases/tag/v0.9.2
- github.com/modelcontextprotocol/ruby-sdk/security/advisories/GHSA-qvqr-5cv7-wh35
- github.com/rubysec/ruby-advisory-db/blob/master/gems/mcp/CVE-2026-33946.yml
- hackerone.com/reports/3556146
- nvd.nist.gov/vuln/detail/CVE-2026-33946