
16 matches found

IBM Security Bulletins
added 2026/04/08 10:45 a.m. · 4 views

Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data

Summary: The MCP Python SDK (mcp) prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...

CVSS 8.1 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-20093

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.3 · EPSS 0.00195
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-20094

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.3 · EPSS 0.00142
Exploits: 0 · References: 5

RedhatCVE
added 2025/07/06 10:21 p.m. · 4 views

CVE-2025-53366

A flaw was found in MCP. The MCP Python SDK contains a validation error that leads to an unhandled exception when processing malformed requests. This flaw allows a remote attacker to trigger this condition by sending a crafted request, resulting in an application-level service interruption...

CVSS 8.7 · AI score 6.2 · EPSS 0.00195
Exploits: 0 · References: 6

RedhatCVE
added 2025/07/06 10:21 p.m. · 7 views

CVE-2025-53365

A flaw was found in MCP. The mcp Python SDK exhibits an uncaught exception when a client intentionally triggers an error following the establishment of a streamable HTTP session. This condition allows a remote attacker to cause a program crash. The vulnerability stems from a lack of exception...

CVSS 8.7 · AI score 6.3 · EPSS 0.00142
Exploits: 0 · References: 6

NVD
added 2025/07/04 10:15 p.m. · 2 views

CVE-2025-53365

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing...

CVSS 8.7 · EPSS 0.00142
Exploits: 0 · References: 3

NVD
added 2025/07/04 10:15 p.m. · 2 views

CVE-2025-53366

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually...

CVSS 8.7 · EPSS 0.00195
Exploits: 0 · References: 3

Github Security Blog
added 2025/07/04 10:6 p.m. · 10 views

MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank y...

CVSS 8.7 · AI score 6.3 · EPSS 0.00195
Exploits: 0 · References: 6 · Affected Software: 1

Github Security Blog
added 2025/07/04 10:6 p.m. · 8 views

MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and...

CVSS 8.7 · AI score 6.4 · EPSS 0.00142
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2025/07/04 10:6 p.m. · 2 views

GHSA-J975-95F5-7WQH MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and...

CVSS 8.7 · AI score 6.2 · EPSS 0.00142
Exploits: 0 · References: 6

OSV
added 2025/07/04 10:5 p.m. · 2 views

CVE-2025-53366 MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually...

CVSS 8.7 · AI score 6.6 · EPSS 0.00195
Exploits: 0 · References: 5

CVE
added 2025/07/04 10:3 p.m. · 24 views

CVE-2025-53365

The MCP Python SDK (package name mcp) has a CVE-2025-53365 issue affecting versions prior to 1.10.0. If a client deliberately triggers an exception after establishing a streamable HTTP session, the server can emit an uncaught ClosedResourceError, potentially crashing the server and requiring a re...

CVSS 8.7 · AI score 6.4 · EPSS 0.00142
Exploits: 0 · References: 3

Vulnrichment
added 2025/07/04 10:3 p.m. · 10 views

CVE-2025-53365 MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing...

CVSS 8.7 · AI score 7.1 · EPSS 0.00142
Exploits: 0 · References: 3

Cvelist
added 2025/07/04 10:3 p.m. · 6 views

CVE-2025-53365 MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing...

CVSS 8.7 · EPSS 0.00142
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/04 12:0 a.m. · 3 views

PT-2025-28026 · Unknown · Mcp Python Sdk

Name of the Vulnerable Software and Affected Versions: MCP Python SDK versions prior to 1.10.0
Description: The issue arises when a client deliberately triggers an exception after establishing a streamable HTTP session, leading to an uncaught ClosedResourceError on the server side. This can cause...

CVSS 8.7 · AI score 6.3 · EPSS 0.00142
Exploits: 0 · References: 12

Positive Technologies
added 2025/07/04 12:0 a.m. · 4 views

PT-2025-28027 · Unknown · Mcp Python Sdk

Name of the Vulnerable Software and Affected Versions: MCP Python SDK versions prior to 1.9.4
Description: A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability until manually restarted. The impact may vary...

CVSS 8.7 · AI score 6.3 · EPSS 0.00195
Exploits: 0 · References: 13