GraphQL Operation Vulnerability in Apollo MCP Server by Apollo GraphQL
CVE-2026-35577

6.8 MEDIUM

Key Information:

Vendor:
Apollo GraphQL
CVE Published:
9 April 2026

What is CVE-2026-35577?

The Apollo MCP Server, a Model Context Protocol server that exposes GraphQL operations, did not validate the Host header of incoming HTTP requests on the StreamableHTTP transport before version 1.7.0. An HTTP-based MCP server listening on localhost without additional authentication or network-level controls was therefore exposed to DNS rebinding: because the server accepted any Host value, a hostname under an attacker's control that resolves to the loopback address could be used to bypass same-origin policy restrictions, potentially invoking tools or accessing resources on the MCP server as if the requests came from the local user. This critical security flaw affects only configurations that use HTTP transport; it is fixed in version 1.7.0 and later, which should be deployed together with network protections and authentication.
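As an added illustration (not Apollo's code), the check below shows the kind of Host-header allowlisting that closes this class of issue on a loopback-bound HTTP server: a DNS-rebinding request carries the attacker's hostname in Host, so it fails the check even though it reaches 127.0.0.1. The allowlist, the port handling and the function names are assumptions made for this example.

```rust
/// Host values a loopback-bound server will answer to.
/// Constructed allowlist for this example; a deployment would make it configurable.
const ALLOWED_HOSTS: &[&str] = &["localhost", "127.0.0.1", "::1"];

/// Split a Host header into (lowercased host, optional port).
/// Handles bracketed IPv6 literals such as "[::1]:8080"; returns None on malformed input.
fn split_host_port(raw: &str) -> Option<(String, Option<u16>)> {
    let raw = raw.trim();
    if raw.is_empty() {
        return None;
    }
    if let Some(rest) = raw.strip_prefix('[') {
        let end = rest.find(']')?;
        let host = &rest[..end];
        let after = &rest[end + 1..];
        let port = match after.strip_prefix(':') {
            Some(p) => Some(p.parse::<u16>().ok()?),
            None if after.is_empty() => None,
            None => return None, // junk after the closing bracket
        };
        return Some((host.to_ascii_lowercase(), port));
    }
    match raw.rsplit_once(':') {
        // "host:port" where host is a name or IPv4 literal
        Some((host, port)) if !host.contains(':') => {
            Some((host.to_ascii_lowercase(), Some(port.parse::<u16>().ok()?)))
        }
        // An unbracketed IPv6 literal is not a valid Host value
        Some(_) => None,
        None => Some((raw.to_ascii_lowercase(), None)),
    }
}

/// Accept a request only if its Host header names this server itself.
/// A missing or malformed header is rejected; a port, if present, must match
/// the port the server listens on.
pub fn host_header_allowed(header: Option<&str>, listen_port: u16) -> bool {
    let (host, port) = match header.and_then(split_host_port) {
        Some(parsed) => parsed,
        None => return false,
    };
    if let Some(p) = port {
        if p != listen_port {
            return false;
        }
    }
    ALLOWED_HOSTS.contains(&host.as_str())
}
```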

Affected Version(s)

apollo-mcp-server < 1.7.0

References

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved