CVE-2026-59950 in MCPinfo

Summary

by MITRE • 07/15/2026

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.websocket_server transport accepted WebSocket handshakes without applying Host or Origin header validation, leaving no SDK-level way to restrict which origins could connect to applications that exposed that transport. This issue is fixed in version 1.28.1.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/15/2026

The MCP Python SDK represents a critical implementation of the Model Context Protocol designed to facilitate secure communication between AI models and their contexts. This software library, distributed through the Python Package Index under the name mcp, provides developers with tools to build applications that adhere to the standardized MCP framework. The vulnerability resides within a specific transport mechanism known as mcp.server.websocket.websocket_server which was intended to handle WebSocket connections for server-side implementations. Prior to version 1.28.1, this particular transport component exhibited a significant security weakness in its connection validation process.

The technical flaw manifests as a complete absence of Host or Origin header validation during the WebSocket handshake process. This oversight creates a dangerous attack surface where any external entity can establish connections to applications utilizing this deprecated transport mechanism without proper authentication or authorization checks. The vulnerability directly violates fundamental web security principles and aligns with CWE-284 access control weaknesses that permit unauthorized access to protected resources. When WebSocket handshakes occur without validating the origin of incoming requests, malicious actors can exploit this gap to establish connections from unauthorized domains or hosts, potentially leading to cross-origin attacks and unauthorized data access.

The operational impact of this vulnerability extends beyond simple network connectivity issues as it fundamentally compromises the security boundaries of applications built using this SDK. Applications exposing the affected transport mechanism become vulnerable to various attack vectors including but not limited to cross-site request forgery, unauthorized data interception, and potential privilege escalation scenarios. The deprecated nature of the websocket_server transport does not diminish its security implications, as legacy components often continue to receive traffic in production environments where they may be overlooked during security audits. This vulnerability affects applications that rely on the MCP protocol for secure model context management and could expose sensitive AI model interactions to unauthorized parties.

Security practitioners should immediately prioritize upgrading affected systems to version 1.28.1 or later, which implements proper Host and Origin header validation mechanisms. Organizations maintaining legacy systems that continue using this deprecated transport should conduct comprehensive security assessments to identify all instances where the vulnerable component remains active. The mitigation strategy must include thorough testing of the updated validation logic to ensure it properly blocks unauthorized connections while maintaining legitimate functionality for authorized clients. Additionally, security monitoring should be enhanced to detect anomalous connection patterns that might indicate exploitation attempts against this vulnerability. This remediation aligns with ATT&CK technique T1190 for exploitation of remote services and demonstrates how seemingly minor configuration oversights can create substantial security risks in modern application architectures.

Responsible

GitHub M

Reservation

07/07/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!