cbcvebase.

Modelcontextprotocol Python-Sdk vulnerabilities

3 known vulnerabilities affecting modelcontextprotocol/python-sdk.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3

Vulnerabilities

Page 1 of 1
CVE-2025-53366P3HIGHCVSS 8.7fixed in 1.9.42025-07-04
CVE-2025-53366 [HIGH] CWE-248 CVE-2025-53366: The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol ( The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment c
nvd
CVE-2025-66416P3HIGHCVSS 8.1fixed in 1.23.02025-12-02
CVE-2025-66416 [HIGH] CWE-1188 CVE-2025-66416: The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol ( The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamab
nvd
CVE-2025-53365P3HIGHCVSS 8.7fixed in 1.10.02025-07-04
CVE-2025-53365 [HIGH] CWE-248 CVE-2025-53365: The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol ( The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to resto
nvd
Modelcontextprotocol Python-Sdk vulnerabilities | cvebase