Security: modelcontextprotocol/python-sdk
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Experimental task handlers allow any client to access and cancel other clients' tasksGHSA-hvrp-rf83-w775 published
Jun 5, 2026 by maxisbeyHigh -
HTTP transports serve session requests without verifying the authenticated principalGHSA-jpw9-pfvf-9f58 published
Jun 5, 2026 by maxisbeyHigh -
DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on LocalhostGHSA-9h52-p55h-vw2f published
Dec 2, 2025 by pcarletonHigh -
MCP SDK FastMCP Server Validation Error Leading to Denial of ServiceGHSA-3qhf-m339-9g5v published
Jul 4, 2025 by jenn-newtonHigh -
Unhandled Exception in Streamable HTTP Transport Leading to Denial of ServiceGHSA-j975-95f5-7wqh published
Jul 4, 2025 by jenn-newtonHigh