Vulnerability in Modelcontextprotocol Python-sdk
CVE-2025-53366
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, result…
EPSS: 0.057 (92.1th percentile) — read the EPSS interpretation.
Affected products
- Modelcontextprotocol Python-sdk — versions < 1.9.4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)