Fluid Attacks Database

Description

Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	@playwright/mcp	>=0 <0.0.40	0.0.40

Aliases

1. CVE-2025-96112. NVD-2025-96113. OSV-2025-96114. GHSA-8rgw-6xp9-2fg35. GCVE-2025-9611

References

1. https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-8rgw-6xp9-2fg32. https://github.com/microsoft/playwright-mcp/issues/12063. https://github.com/microsoft/playwright/commit/1313fbd4. https://msrc.microsoft.com/report/vulnerability/VULN-1644125. https://www.vulncheck.com/advisories/microsoft-playwright-mcp-server-dns-rebinding-via-missing-origin-header-validation

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.