PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59950 modelcontextprotocol CVE debrief

The MCP Python SDK, called mcp on PyPI, has a vulnerability prior to version 1.28.1 in the deprecated mcp.server.websocket.websocket_server transport. This transport accepted WebSocket handshakes without applying Host or Origin header validation, potentially allowing unauthorized connections. The issue is fixed in version 1.28.1. Affected users, especially those who have exposed the deprecated transport, should update to version 1.28.1 or later to mitigate this vulnerability. The vulnerability has a high CVSS score of 7.6 and is classified as HIGH severity.

Vendor
modelcontextprotocol
Product
python-sdk
CVSS
HIGH 7.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of the MCP Python SDK, especially those who have exposed the deprecated mcp.server.websocket.websocket_server transport, should update to version 1.28.1 or later to mitigate this vulnerability. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed. Security teams should prioritize updating the SDK and review their deployments for potential exposure.

Technical summary

The MCP Python SDK, prior to version 1.28.1, had a vulnerability in the deprecated mcp.server.websocket.websocket_server transport. This transport accepted WebSocket handshakes without validating the Host or Origin headers, potentially allowing unauthorized connections. The issue was addressed in version 1.28.1. Users of the MCP Python SDK should review their deployments and update to version 1.28.1 or later to mitigate this vulnerability. The vulnerability allows for potential unauthorized connections, which could lead to security breaches.

Defensive priority

High

Recommended defensive actions

  • Update the MCP Python SDK to version 1.28.1 or later
  • Review and restrict which origins can connect to applications using the deprecated transport
  • Implement additional monitoring and validation for WebSocket handshakes
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-15T21:16:55.683Z and last modified on 2026-07-16T13:51:12.157Z. The NVD entry is currently Awaiting Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The MCP Python SDK, called mcp on PyPI, has a deprecated transport that accepted WebSocket handshakes without validation. Users should review the official advisory and CVE record for more information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T21:16:55.683Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.