Vulnerability in Modelcontextprotocol Python-sdk

CVE-2026-59950

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.websocket_server transport accepted WebSocket handshakes without applying Host or…

Affected products

Weakness classification (CWE)

References