Overview
The MCP protocol specification places session identifiers in URLs (e.g., GET /messages/?sessionId=UUID), violating security best practices and exposing session tokens in logs, browser history, and referrer headers.
Who Is Affected
Reported by Equixly during protocol analysis. Affects all MCP implementations following the HTTP/SSE transport specification, as this is a protocol-level design issue.
Where It Exists
The vulnerability is embedded in the MCP protocol specification for the HTTP with Server-Sent Events (SSE) transport. Session IDs appear in URL query parameters rather than in headers or request bodies.
When It Was Found
Analyzed and reported March 29, 2025. This is a protocol design flaw present since the SSE transport was specified.
How It Works
Session identifiers placed in URLs are automatically logged by web servers, proxies, CDNs, and browser history. They appear in HTTP Referer headers when navigating to external links. Any component that logs or caches URLs can capture valid session tokens, enabling session hijacking.
Impact
Attackers who obtain session IDs from logs, referrer headers, or shared URLs can hijack active MCP sessions. This enables unauthorized tool invocations, data access, and potentially privilege escalation within the affected session.
Mitigation
Carry session tokens in HTTP headers (e.g., Authorization bearer tokens) instead of URL query parameters. Use short-lived session tokens with automatic rotation. Deploy HTTPS everywhere to prevent network-level token interception. Scrub session tokens from proxy and server logs.
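The leak described above, and the header-based alternative from the mitigation, as an added example (not code from the MCP specification or from Equixly): it scans constructed access-log lines for session IDs exposed in the request URL or Referer, redacts them before the log is retained, and reads the token from an Authorization header instead. The log lines, the UUID, the host mcp.example.invalid and the Bearer scheme are all assumed sample values.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines (Combined Log Format). Lines 1 and 2
# show the leak: the session ID is recorded in the request line and again in
# the Referer of a later request. Line 3 carries no token in the URL.
SAMPLE_LOG = (
    '10.0.0.5 - - [29/Mar/2025:10:00:01 +0000] "GET /messages/?sessionId='
    '0b3b2c41-2c9d-4f1d-9a3e-4e2a6b7c8d9e HTTP/1.1" 200 512 "-" "mcp-client/1.0"\n'
    '10.0.0.5 - - [29/Mar/2025:10:00:02 +0000] "GET /docs HTTP/1.1" 200 1024 '
    '"https://mcp.example.invalid/messages/?sessionId='
    '0b3b2c41-2c9d-4f1d-9a3e-4e2a6b7c8d9e" "Mozilla/5.0"\n'
    '10.0.0.7 - - [29/Mar/2025:10:00:03 +0000] "POST /messages/ HTTP/1.1" 202 0 '
    '"-" "mcp-client/1.0"\n'
)

# Matches a sessionId query parameter wherever a URL is logged (request line
# or Referer); the value ends at the next '&', whitespace or closing quote.
SESSION_PARAM = re.compile(r'(?i)([?&]sessionId=)([^&\s"]+)')


def find_leaked_session_ids(log_text: str) -> List[str]:
    """Return every session ID that appears inside a logged URL."""
    return [m.group(2) for m in SESSION_PARAM.finditer(log_text)]


def redact_session_ids(log_text: str) -> str:
    """Replace leaked session IDs so retained logs no longer hold usable tokens."""
    return SESSION_PARAM.sub(r"\1[REDACTED]", log_text)


def session_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Header-based alternative (assumed Bearer scheme, not from the MCP spec).

    Header values are not written to standard access logs, Referer headers or
    browser history, which is what removes the exposure described above.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    return None


if __name__ == "__main__":
    print("leaked:", find_leaked_session_ids(SAMPLE_LOG))
    print(redact_session_ids(SAMPLE_LOG))
```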