Modelcontextprotocol Python-sdk
6 CVEs affecting Modelcontextprotocol Python-sdk. Latest disclosed: 2026-07-15. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-66416 | High | 8.1 | 2025-12-02 | The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol… |
CVE-2026-52870 | High | 7.6 | 2026-07-15 | The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). From 1.23.0 until 1.27.2, default handlers installed by… |
CVE-2026-52869 | High | 7.1 | 2026-07-15 | The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.27.2, the SSE and stateful Streamable HTTP t… |
CVE-2026-59950 | | 2026-07-15 | The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.we… | |
CVE-2025-53366 | | 2025-07-04 | The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP… | |
CVE-2025-53365 | | 2025-07-04 | The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately tri… |