Lucene search
+L

425 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44798

MCP Python SDK: WebSocket server transport does not support Host/Origin validation...

7.6CVSS6.1AI score0.00181EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44795

MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-44797

MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks...

7.6CVSS6.1AI score0.00227EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-44968

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...

6.3CVSS0.00137EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

ROOT-APP-NPM-CVE-2025-66414 CVE-2025-66414 in @rootio/modelcontextprotocol__sdk - Patched by Root

Root has patched CVE-2025-66414 in the @rootio/modelcontextprotocolsdk package for Root:npm. Multiple fixed versions available...

8.1CVSS5.8AI score0.00463EPSS
Exploits0
NVD
NVD
added 3 days ago6 views

CVE-2026-52870

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS0.00227EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-52869

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS0.00251EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-59950 MCP Python SDK: WebSocket server transport does not support Host/Origin validation

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.28.1, the deprecated mcp.server.websocket.websocketserver transport accepted WebSocket handshakes without applying Host or Origin header validation, leaving no SDK-level way to restric...

7.6CVSS0.00181EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-59950 MCP Python SDK: WebSocket server transport does not support Host/Origin validation

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.28.1, the deprecated mcp.server.websocket.websocketserver transport accepted WebSocket handshakes without applying Host or Origin header validation, leaving no SDK-level way to restric...

7.6CVSS6.1AI score0.00181EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-52870 MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS0.00227EPSS
Exploits0References4
OSV
OSV
added 3 days ago3 views

CVE-2026-52870 MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS6.1AI score0.00227EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-52869 MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References8
CVE
CVE
added 3 days ago20 views

CVE-2026-52869

The MCP Python SDK (mcp on PyPI) has a vulnerability affecting versions prior to 1.27.2 in its SSE and stateful Streamable HTTP transports. These transports (mcp.server.sse.SseServerTransport and mcp.server.streamable_http_manager.StreamableHTTPSessionManager) route requests to an existing sessio...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-52869 MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS0.00251EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60301

Name of the Vulnerable Software and Affected Versions mcp versions prior to 1.28.1 Description The MCP Python SDK, a Python implementation of the Model Context Protocol, contains an issue in the deprecated mcp.server.websocket.websocket server transport. This component accepts WebSocket handshake...

7.6CVSS6.1AI score0.00181EPSS
Exploits0References9
NVD
NVD
added 2026/07/03 11:16 a.m.7 views

CVE-2026-13341

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 10:19 a.m.35 views

CVE-2026-13341 Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 10:19 a.m.10 views

CVE-2026-13341

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 10:19 a.m.9 views

EUVD-2026-41530

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55525

Name of the Vulnerable Software and Affected Versions Kong Konnect MCP server versions prior to 1.0.0 Description An issue exists where the server fails to properly validate content returned to the Large Language Model LLM. This allows a remote attacker to perform an indirect prompt injection by...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References7
Rows per page
Query Builder