Windows MCP

v0.7.5 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 20d MCP Security & Auth
✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai desktop mcp tools windows windows-automation

Affected surfaces

auth breaking_upgrade

ReleasePort's take

Light signal
editorial:auto 13d

Version v0.7.5 of Windows MCP removes unconditional wildcard CORS headers and adds DNS rebinding protection via Host header validation.

Why it matters: Patch to v0.7.5 immediately to eliminate unauthenticated cross-origin MCP sessions and prevent DNS rebinding attacks.

Summary

AI summary

Fixed GHSA-vrxg-gm77-7q5g by removing unconditional CORS headers and adding Host header validation.

Changes in this release

Security High

Removes unconditional wildcard CORS headers from HTTP transports.

Source: granite4.1:30b@2026-05-22-audit

Confidence: low

Security Medium

Removes unconditional wildcard CORS headers to prevent unauthenticated cross-origin MCP sessions.

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Introduces opt-in CORS origins via `--cors-origins` flag, env var, or config for trusted browser clients.

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Adds DNS rebinding protection by validating Host header against bind address.

Source: llm_adapter@2026-05-21

Confidence: low

Full changelog

Security fix

This release addresses GHSA-vrxg-gm77-7q5g reported by @dodge1218.

What was wrong

HTTP transports (sse, streamable-http) emitted Access-Control-Allow-Origin: * unconditionally, allowing any cross-origin browser page to open an unauthenticated MCP session and invoke the PowerShell tool. There was also no Host header validation, leaving localhost-bound servers open to DNS rebinding attacks.

What changed

  • No wildcard CORS by default. OptionsMiddleware and CORSMiddleware no longer emit Access-Control-Allow-Origin: *. Without an explicit origin list, no CORS headers are sent, so the browser's Same-Origin Policy prevents a cross-origin page from reading the response.
  • --cors-origins opt-in. Operators who need a browser-based MCP client can pass a comma-separated list of trusted origins (--cors-origins https://my-client.example.com). Only those origins receive CORS headers. Also available as WINDOWS_MCP_CORS_ORIGINS env var and cors_origins in ~/.windows-mcp/config.toml.
  • DNS rebinding protection. TrustedHostMiddleware is now applied automatically based on the bind address (loopback → localhost/127.0.0.1/[::1]; specific host → that host). Requests whose Host header doesn't match are rejected before reaching the MCP control plane.
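The two mitigations described above, written out as an added example that is not Windows MCP's own code: CORS headers are emitted only for an allowlisted Origin, and the Host header is matched against a set derived from the bind address (loopback spellings for a loopback bind, the host itself otherwise). Function names and the sample requests are constructed for illustration.

```python
"""Added example, not Windows MCP's own code: the two v0.7.5 mitigations
(allowlisted CORS origins, Host validation derived from the bind address)
as plain functions over header dicts. Names and requests are constructed."""
from __future__ import annotations

LOOPBACK_BINDS = {"127.0.0.1", "localhost", "::1"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

def allowed_hosts(bind_address: str) -> set[str]:
    """Loopback binds accept the three loopback spellings; any other bind
    accepts only itself (the rule the release notes describe)."""
    bind = bind_address.strip().lower()
    return set(LOOPBACK_HOSTS) if bind in LOOPBACK_BINDS else {bind}

def host_is_trusted(host_header: str, bind_address: str) -> bool:
    """Drop any :port from Host (keeping IPv6 brackets), then exact-match."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        end = host.find("]")
        host = host[: end + 1] if end != -1 else ""
    else:
        host = host.split(":", 1)[0]
    return bool(host) and host in allowed_hosts(bind_address)

def cors_headers(origin: str | None, cors_origins: frozenset[str]) -> dict[str, str]:
    """Emit CORS headers only for an allowlisted Origin; otherwise emit none,
    so the browser's Same-Origin Policy keeps the page from reading the reply."""
    if origin and origin in cors_origins:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}

def handle(request: dict, bind_address: str,
           cors_origins: frozenset[str] = frozenset()) -> tuple[int, dict[str, str]]:
    """Host validation first, so a mismatched Host is rejected before anything
    reaches the MCP control plane; CORS applies only to accepted requests."""
    headers = {k.lower(): v for k, v in request["headers"].items()}
    if not host_is_trusted(headers.get("host", ""), bind_address):
        return 400, {}
    return 200, cors_headers(headers.get("origin"), cors_origins)

if __name__ == "__main__":
    trusted = frozenset({"https://my-client.example.com"})
    for req in (  # constructed requests against a server bound to 127.0.0.1
        {"headers": {"Host": "localhost:8000", "Origin": "https://other.example"}},
        {"headers": {"Host": "[::1]:8000", "Origin": "https://my-client.example.com"}},
        {"headers": {"Host": "rebound.example:8000", "Origin": "https://other.example"}},
    ):
        print(req["headers"], "->", handle(req, "127.0.0.1", trusted))
```

A non-allowlisted Origin on a valid Host gets a normal 200 with no CORS headers, while a Host that does not match the bind address is rejected outright; only the explicitly configured origin ever sees Access-Control-Allow-Origin.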

Upgrade

uvx windows-mcp@0.7.5 serve
# or
pip install --upgrade windows-mcp

No configuration changes are required for the default stdio transport or for existing HTTP deployments that don't rely on cross-origin browser access.

Security Fixes

  • GHSA-vrxg-gm77-7q5g — removed unconditional Access-Control-Allow-Origin: * and added Host header validation to prevent unauthenticated cross-origin sessions and DNS rebinding attacks.
