High severity · OSV Advisory · Published Jul 4, 2025 · Updated Apr 15, 2026
CVE-2025-53366
Description
The MCP Python SDK, published on PyPI as mcp, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error raised while the SDK processes a malformed request escapes as an unhandled exception, after which the service keeps answering with 500 errors until it is manually restarted. The impact varies with deployment conditions and with any infrastructure-level resilience measures in place, such as automatic process restarts or health-check driven replacement. Version 1.9.4 contains a patch for the issue.
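Two things a practitioner wants when triaging this advisory: a check that an installed mcp version falls in the affected range, and a concrete picture of the failure class (a validation error on malformed input propagating as an unhandled exception) next to the pattern that keeps the service alive. The block below is an added example written for this page; it is not code from the mcp project, the advisory, or the fix commit. The JSON-RPC handler is a deliberately simplified stand-in, not the SDK's transport code, and the sample requests are constructed, not captured traffic.

```python
"""Added triage helpers for CVE-2025-53366 (not the mcp project's own code).

1. is_affected() decides whether a version string lies in the advisory's
   affected range (< 1.9.4).
2. handle_unhardened() / handle_hardened() contrast a request handler that
   lets a validation error escape with one that turns it into a JSON-RPC
   error response. This is an illustration of the failure class only.
"""
from __future__ import annotations

import json
import re
from importlib import metadata

PATCHED = (1, 9, 4)  # first fixed release per the advisory
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
# PEP 440 pre-release / dev markers directly after a digit or a dot.
_PRERELEASE_RE = re.compile(r"(?:\d|\.)(?:a|b|rc|dev)\d*")


def parse_version(version: str) -> tuple[int, int, int]:
    """Return the numeric major.minor.patch prefix; raise on anything else."""
    m = _VERSION_RE.match(version.strip().lstrip("v"))
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_affected(version: str) -> bool:
    """True when `version` is older than 1.9.4.

    Pre-releases of 1.9.4 (e.g. 1.9.4rc1) sort before the final release under
    PEP 440, so they are reported as affected as well.
    """
    parsed = parse_version(version)
    if parsed < PATCHED:
        return True
    return parsed == PATCHED and _PRERELEASE_RE.search(version) is not None


def installed_mcp_is_affected() -> bool | None:
    """Check the mcp distribution in this environment; None if not installed."""
    try:
        return is_affected(metadata.version("mcp"))
    except metadata.PackageNotFoundError:
        return None


class RequestValidationError(ValueError):
    """Stand-in for the schema/validation error a real request parser raises."""


def validate_jsonrpc(raw: bytes) -> dict:
    """Parse and validate a JSON-RPC 2.0 request body; raise on malformed input."""
    try:
        msg = json.loads(raw)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RequestValidationError(f"parse error: {exc}") from exc
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        raise RequestValidationError("missing or wrong 'jsonrpc' field")
    if not isinstance(msg.get("method"), str):
        raise RequestValidationError("'method' must be a string")
    return msg


def handle_unhardened(raw: bytes) -> dict:
    """Vulnerable shape: the validation error propagates to the caller.

    In a server loop with no handler for it, that is the unhandled exception
    the advisory describes; what happens next depends on the surrounding
    framework.
    """
    msg = validate_jsonrpc(raw)
    return {"jsonrpc": "2.0", "id": msg.get("id"), "result": {"ok": msg["method"]}}


def handle_hardened(raw: bytes) -> dict:
    """Hardened shape: malformed input becomes a JSON-RPC error, not a crash."""
    try:
        msg = validate_jsonrpc(raw)
    except RequestValidationError as exc:
        # -32700 Parse error for non-JSON, -32600 Invalid Request otherwise.
        code = -32700 if str(exc).startswith("parse error") else -32600
        return {"jsonrpc": "2.0", "id": None,
                "error": {"code": code, "message": str(exc)}}
    return {"jsonrpc": "2.0", "id": msg.get("id"), "result": {"ok": msg["method"]}}


# Constructed sample requests for the demonstration (not captured traffic).
GOOD = b'{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}'
BAD_METHOD = b'{"jsonrpc": "2.0", "id": 2, "method": 42}'
NOT_JSON = b'{"jsonrpc": "2.0", "id": 3, "method": '

if __name__ == "__main__":
    for v in ("1.4.1", "1.9.3", "1.9.4rc1", "1.9.4", "1.10.0"):
        print(v, "affected" if is_affected(v) else "patched")
    print("installed mcp affected:", installed_mcp_is_affected())
    for raw in (GOOD, BAD_METHOD, NOT_JSON):
        print(handle_hardened(raw))
```

Run it as a script to print the verdict for a few version strings and for whatever mcp is installed in the current interpreter. The hardened handler is the general pattern: validation failures on untrusted input are an expected input class and must map to a well-formed error response at the transport boundary, so one bad request cannot take the service down for everyone.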
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| mcp | PyPI | < 1.9.4 | 1.9.4 |
Affected products
- Range: v1.0.0, v1.4.0, v1.4.1, …
References
- github.com/advisories/GHSA-3qhf-m339-9g5v (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-53366 (GHSA, advisory)
- github.com/modelcontextprotocol/python-sdk/commit/29c69e6a47d0104d0afcea6ac35e7ab02fde809a (NVD, web)
- github.com/modelcontextprotocol/python-sdk/pull/822 (NVD, web)
- github.com/modelcontextprotocol/python-sdk/releases/tag/v1.9.4 (GHSA, web)
- github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-3qhf-m339-9g5v (NVD, web)