Affected by GO-2026-4569
and 3 other vulnerabilities
GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk
GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk
GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk
GO-2026-5771: DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost in github.com/modelcontextprotocol/go-sdk
The toolschemas example demonstrates how to create tools using both the
low-level [ToolHandler] and high level [ToolHandlerFor], as well as how to
customize schemas in both cases.