Listen to this Post
This vulnerability exploits the browser’s Same-Origin Policy (SOP) by manipulating DNS resolution. A malicious website, after a user visits it, changes its DNS record to point to the local IP address (e.g., 127.0.0.1) of a victim’s machine running the vulnerable Neo4j Cypher MCP server. The browser, having already established a connection to the original domain, allows subsequent requests to this now-local IP due to the DNS rebind, effectively bypassing SOP. This enables the attacker’s JavaScript code to directly interact with the unauthenticated local MCP server API, leading to unauthorized execution of Cypher queries and other tool invocations on the victim’s Neo4j database.
Platform: Neo4j MCP
Version: <0.4.0
Vulnerability: DNS Rebinding
Severity: High
date: 2025-09-11
Prediction: 2025-09-18
What Undercode Say:
`nslookup malicious.example.com`
`curl -H “Origin: http://malicious.example.com” -X POST http://127.0.0.1:8000/tools/call -d ‘{“name”:”cypher”,”arguments”:{“query”:”MATCH (n) RETURN n”}}’`
How Exploit:
Malicious site rebinds DNS to 127.0.0.1, sending direct API calls to the local MCP server from the user’s browser, executing arbitrary Cypher tool calls.
Protection from this CVE:
Upgrade to v0.4.0. Use CORS middleware. Alternatively, use stdio mode to disable the HTTP server entirely, mitigating the network-based attack vector.
Impact:
Unauthorized data access, data modification, or complete database compromise via arbitrary Cypher query execution from a malicious website.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

