Affected by GO-2026-4770 and 1 other vulnerabilities

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

client/

Details

Path	Synopsis
listfeatures The listfeatures command lists all features of a stdio MCP server.	The listfeatures command lists all features of a stdio MCP server.
loadtest The load command load tests a streamable MCP server	The load command load tests a streamable MCP server
middleware