Browse all 19 CVE security advisories affecting modelcontextprotocol. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Modelcontextprotocol serves as an interface for AI model interactions, enabling secure data exchange between applications and language models. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure API endpoints. The protocol's security posture has been challenged by multiple critical flaws, including several that allowed unauthorized access to sensitive data or system compromise. With 19 CVEs documented, the implementation has faced recurring issues around authentication and authorization, highlighting challenges in securing complex AI integrations. While no major public incidents have been widely reported, the volume of reported vulnerabilities indicates ongoing security concerns that require rigorous patch management and secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66416 | DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost — python-sdkCWE-1188 | 7.1 | - | 2025-12-02 |
| CVE-2025-53366 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service — python-sdkCWE-248 | 7.5 | - | 2025-07-04 |
| CVE-2025-53365 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport ,Leading to Denial of Service — python-sdkCWE-248 | 7.5 | - | 2025-07-04 |
This page lists every published CVE security advisory associated with modelcontextprotocol. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.