Browse all 28 CVE security advisories affecting modelcontextprotocol. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Modelcontextprotocol serves as an interface for AI model interactions, enabling secure data exchange between applications and language models. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure API endpoints. The protocol's security posture has been challenged by multiple critical flaws, including several that allowed unauthorized access to sensitive data or system compromise. With 19 CVEs documented, the implementation has faced recurring issues around authentication and authorization, highlighting challenges in securing complex AI integrations. While no major public incidents have been widely reported, the volume of reported vulnerabilities indicates ongoing security concerns that require rigorous patch management and secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-59950 | MCP Python SDK: WebSocket server transport does not support Host/Origin validation — python-sdkCWE-346 | - | - | 2026-07-15 |
| CVE-2026-52870 | MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks — python-sdkCWE-862 | 7.6 | High | 2026-07-15 |
| CVE-2026-52869 | MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal — python-sdkCWE-639 | 7.1 | High | 2026-07-15 |
| CVE-2025-66416 | DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost — python-sdkCWE-1188 | 7.1 | - | 2025-12-02 |
| CVE-2025-53366 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service — python-sdkCWE-248 | 7.5 | - | 2025-07-04 |
| CVE-2025-53365 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport ,Leading to Denial of Service — python-sdkCWE-248 | 7.5 | - | 2025-07-04 |
This page lists every published CVE security advisory associated with modelcontextprotocol. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.