github CursorTouch/Windows-MCP v0.7.5
v0.7.5 — Security patch: CORS & DNS rebinding (GHSA-vrxg-gm77-7q5g)

6 hours ago

Security fix

This release addresses GHSA-vrxg-gm77-7q5g reported by @dodge1218.

What was wrong

HTTP transports (sse, streamable-http) emitted Access-Control-Allow-Origin: * unconditionally, allowing any cross-origin browser page to open an unauthenticated MCP session and invoke the PowerShell tool. There was also no Host header validation, leaving localhost-bound servers open to DNS rebinding attacks.

What changed

  • No wildcard CORS by default. OptionsMiddleware and CORSMiddleware no longer emit Access-Control-Allow-Origin: *. Without an explicit origin list no CORS headers are sent at all, so the browser's Same-Origin Policy applies: a page on another origin cannot read the server's responses, and any request that needs a preflight (such as a JSON POST) is never sent. This is a browser-side control; a CORS "simple" request (for example a POST with a text/plain body) can still arrive at the server, so operators who want the server itself to refuse unlisted origins may additionally reject requests whose Origin header is not on the list.
  • --cors-origins opt-in. Operators who need a browser-based MCP client can pass a comma-separated list of trusted origins (--cors-origins https://my-client.example.com). Only those origins receive CORS headers. Also available as WINDOWS_MCP_CORS_ORIGINS env var and cors_origins in ~/.windows-mcp/config.toml.
  • DNS rebinding protection. TrustedHostMiddleware is now applied automatically based on the bind address (loopback → localhost/127.0.0.1/[::1]; specific host → that host). Requests whose Host header doesn't match are rejected before reaching the MCP control plane. Under rebinding the browser sends the attacker's domain in the Host header even after that name has been re-pointed at 127.0.0.1, so the mismatch is what stops the attack.
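The two controls above (origin allow-list instead of wildcard CORS, and a Host check tied to the bind address) written out as plain ASGI middleware so they can be exercised offline. This is an added illustration, not Windows-MCP's own code: the class and function names, the 400/403/204 status codes, the header set and the sample origins are assumptions, and the "MCP app" is a stand-in that only reports whether a request got through.

```python
"""Origin allow-list plus Host validation as plain ASGI middleware.
Added illustration, not Windows-MCP's own code: it models the two controls the
release notes describe so they can be exercised offline against a fake ASGI app.
Names, status codes and sample origins are assumptions; Windows-MCP itself uses
Starlette's TrustedHostMiddleware for the Host check."""
import asyncio
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

def allowed_hosts_for_bind(bind_host, port):
    """Host values accepted for a bind address: a loopback bind accepts the three
    loopback names, any other bind accepts only that host (port optional)."""
    names = ["localhost", "127.0.0.1", "[::1]"] if bind_host in LOOPBACK else [bind_host]
    return {n.lower() for n in names} | {f"{n}:{port}".lower() for n in names}

def parse_cors_origins(value):
    """Parse a comma-separated --cors-origins value; '*' is never accepted."""
    origins = set()
    for item in (value or "").split(","):
        item = item.strip()
        if not item:
            continue
        u = urlsplit(item)
        if u.scheme not in ("http", "https") or not u.netloc or u.path not in ("", "/"):
            raise ValueError(f"not a trusted origin: {item!r}")  # rejects '*' too
        origins.add(f"{u.scheme}://{u.netloc}".lower())
    return origins

async def _reply(send, status, body, extra=()):
    headers = [(b"content-type", b"text/plain")] + list(extra)
    await send({"type": "http.response.start", "status": status, "headers": headers})
    await send({"type": "http.response.body", "body": body})

class OriginAndHostGuard:
    """Reject a Host header that does not match the bind address (DNS rebinding)
    and emit CORS headers only for allow-listed origins. reject_unknown_origin=True
    also refuses browser requests from other origins, stricter than the notes."""

    def __init__(self, app, bind_host, port, cors_origins=None, reject_unknown_origin=False):
        self.app = app
        self.hosts = allowed_hosts_for_bind(bind_host, port)
        self.origins = parse_cors_origins(cors_origins)
        self.reject_unknown_origin = reject_unknown_origin

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        hdrs = {k.decode("latin-1").lower(): v.decode("latin-1") for k, v in scope["headers"]}
        if hdrs.get("host", "").lower() not in self.hosts:
            return await _reply(send, 400, b"Invalid host header")
        origin = hdrs.get("origin")
        if origin is None:  # not a browser request; CORS does not apply
            return await self.app(scope, receive, send)
        if origin.lower() not in self.origins:
            if self.reject_unknown_origin:
                return await _reply(send, 403, b"Origin not allowed")
            # No CORS headers at all: the browser withholds the reply and fails preflight.
            return await self.app(scope, receive, send)
        cors = [(b"access-control-allow-origin", origin.encode()),  # echo, never '*'
                (b"vary", b"Origin"),
                (b"access-control-allow-methods", b"GET, POST, DELETE, OPTIONS"),
                (b"access-control-allow-headers", b"content-type, accept, mcp-session-id")]
        if scope["method"] == "OPTIONS":  # preflight from a trusted origin
            return await _reply(send, 204, b"", cors)

        async def send_with_cors(msg):
            if msg["type"] == "http.response.start":
                msg = {**msg, "headers": list(msg.get("headers", [])) + cors}
            await send(msg)
        await self.app(scope, receive, send_with_cors)

async def fake_mcp_app(scope, receive, send):
    """Stand-in for the MCP control plane: reports that the request got through."""
    await _reply(send, 200, b"reached MCP app")

def probe(app, method="POST", host="127.0.0.1:8000", origin=None):
    """Drive an ASGI app with a constructed request; return (status, headers)."""
    headers = [(b"host", host.encode())] + ([(b"origin", origin.encode())] if origin else [])
    scope = {"type": "http", "method": method, "path": "/mcp", "headers": headers}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(msg):
        sent.append(msg)
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"], {k.decode().lower(): v.decode() for k, v in sent[0]["headers"]}

if __name__ == "__main__":
    guard = OriginAndHostGuard(fake_mcp_app, "127.0.0.1", 8000, cors_origins="https://my-client.example.com")
    print(probe(guard, host="attacker.example:8000"))           # rebinding attempt: 400
    print(probe(guard, origin="https://evil.example"))           # 200 but no ACAO header
    print(probe(guard, origin="https://my-client.example.com"))  # 200, ACAO echoes the origin
```

The same three probes translate directly into a check against a real deployment: send one request with `-H 'Origin: https://evil.example'` (substitute any origin you did not list) and confirm no Access-Control-Allow-Origin header comes back, and one with `-H 'Host: attacker.example'` and confirm the server rejects it rather than answering. The port and path are whatever your own server uses; the notes do not fix them.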

Upgrade

uvx windows-mcp@0.7.5 serve
# or
pip install --upgrade windows-mcp

No configuration changes are required for the default stdio transport or for existing HTTP deployments that don't rely on cross-origin browser access.
