Product
A DNS rebinding vulnerability exists in java-sdk versions prior to 1.0.0, allowing an attacker to access a locally or network-private java-sdk MCP server via a victim's browser, potentially enabling unauthorized tool calls to the server.