Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools
High severity
GitHub Reviewed
Published
Jan 7, 2026
to the GitHub Advisory Database
•
Updated Jan 7, 2026
Description
Published by the National Vulnerability Database
Jan 7, 2026
Published to the GitHub Advisory Database
Jan 7, 2026
Reviewed
Jan 7, 2026
Last updated
Jan 7, 2026
Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.
References