Affected by GO-2026-4770 and 1 other vulnerabilities

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

loadtest

command

v1.3.1 Latest Latest Go to latest Published: Feb 18, 2026 License: MIT Imports: 11 Imported by: 0

Details

The load command load tests a streamable MCP server

Usage: loadtest <URL>

For example:

loadtest -tool=greet -args='{"name": "foo"}' http://localhost:8080