CNNVD-202512-175 Information
CNNVD ID
CNNVD-202512-175
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
Model Context Protocol Python SDK是Model Context Protocol开源的一个用于模型上下文协议服务器和客户端的开发工具。 Model Context Protocol Python SDK 1.23.0之前版本存在安全漏洞,该漏洞源于默认未启用DNS重绑定保护,可能导致绕过同源策略限制。
Description (English)
Model Context Protocol Python SDK is a development tool for model context protocol servers and clients from the Model Context Protocol Open Source. There is a security loophole in the previous version of Model ContoxProtocol Python SDK 1.23.0, which stems from the default failure to enable DNS re-coup protection, which may result in circumventing the co-source policy restriction.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Model Context Protocol
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99 https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-9h52-p55h-vw2f https://access.redhat.com/security/cve/cve-2025-66416
Patch
https://github.com/modelcontextprotocol/python-sdk/releases
Share on: