CVE-2025-53366

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-53366

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53366.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53366

Aliases

GHSA-3qhf-m339-9g5v

Published

2025-07-04T22:15:22Z

Modified

2025-07-08T17:01:37.302989Z

Summary

[none]

Details

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue.

References

Affected packages

Git / github.com/modelcontextprotocol/python-sdk

Affected ranges

Type: GIT
Repo: https://github.com/modelcontextprotocol/python-sdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

29c69e6a47d0104d0afcea6ac35e7ab02fde809a

Affected versions

v0.*

v0.6.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.0rc1

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.8.1

v1.9.0

v1.9.1

v1.9.2

v1.9.3