CVE-2026-52870
The MCP Python SDK (package mcp on PyPI) has a vulnerability in versions 1.23.0–1.27.1 where default handlers installed by server.experimental.enable_tasks() for tasks/list, tasks/get, tasks/result, and tasks/cancel only operate on task identifiers and do not record the session that created each ...