MCP Python SDK Denial-of-Service Vulnerability via Uncaught ClosedResourceError
Vulnerability
A denial-of-service vulnerability has been identified in the MCP Python SDK, prior to version 1.10.0. When a client intentionally triggers an exception after starting a streamable HTTP session, it can cause an uncaught ClosedResourceError on the server. This error leads to a server crash, requiring a restart to resume normal operations. The impact of this vulnerability can vary based on the specific deployment and any infrastructure-level resilience measures in place.
Impact
Exploitation of this vulnerability causes the server to crash, disrupting service and requiring a manual restart to restore functionality.
Reproduction
The vulnerability can be reproduced by establishing a streamable HTTP session with the server and then deliberately triggering an exception. A client that, once the session has been initiated, sends a request the server cannot process (for example by raising an exception or sending invalid data) causes the error on the server side.
Remediation
Users can upgrade to MCP Python SDK version 1.10.0 or later, which includes a patch for this vulnerability.
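The failure mode described under Vulnerability and the shape of the fix described under Remediation can be shown with a small model. The following is an added example, not code from the MCP Python SDK or its patch: it models a session's outbound stream after anyio's memory object send stream (which raises ClosedResourceError once closed), runs a three-reply handler against it, and contrasts a handler that writes unconditionally with one that treats a closed session as an expected condition. The stream class, the stand-in ClosedResourceError, the responder functions and the reply counts are all constructed for this example.

```python
import asyncio
from collections import deque
from typing import Awaitable, Callable


class ClosedResourceError(Exception):
    """Stand-in for anyio.ClosedResourceError (constructed for this example)."""


class SessionSendStream:
    """Minimal model of a session's outbound stream. Mirrors the one behaviour
    that matters here: once closed, every send() raises ClosedResourceError.
    Constructed for this example; not the SDK's own class."""

    def __init__(self) -> None:
        self.buffer = deque()
        self._closed = False

    async def send(self, item: str) -> None:
        if self._closed:
            raise ClosedResourceError("send stream is closed")
        self.buffer.append(item)
        await asyncio.sleep(0)  # yield to the loop, as a real async write would

    def close(self) -> None:
        self._closed = True


Responder = Callable[[SessionSendStream, str], Awaitable[bool]]


async def naive_responder(stream: SessionSendStream, reply: str) -> bool:
    # Vulnerable pattern: the write is unconditional, so a closed session
    # stream raises ClosedResourceError straight up to whatever runs the task.
    await stream.send(reply)
    return True


async def hardened_responder(stream: SessionSendStream, reply: str) -> bool:
    # Mitigated pattern: a session closed underneath the handler is an expected
    # condition. Drop the reply (and log it in a real server) instead of
    # letting the error propagate out of the handler.
    try:
        await stream.send(reply)
        return True
    except ClosedResourceError:
        return False


async def simulate_session(responder: Responder, client_aborts: bool) -> dict:
    """Run one modelled streamable HTTP session through a three-reply handler."""
    stream = SessionSendStream()
    result = {"delivered": 0, "dropped": 0, "server_crashed": False}
    try:
        for i in range(3):
            if i == 1 and client_aborts:
                # The client raised after initialising the session; teardown
                # closed the session stream while the handler still has
                # replies to write.
                stream.close()
            if await responder(stream, f"reply {i}"):
                result["delivered"] += 1
            else:
                result["dropped"] += 1
    except ClosedResourceError:
        # Nothing below this point caught the error. In the real server the
        # exception unwinds the task group and the process needs a restart.
        result["server_crashed"] = True
    return result


def run_scenario(responder: Responder, client_aborts: bool) -> dict:
    """Synchronous entry point so the outcomes can be compared side by side."""
    return asyncio.run(simulate_session(responder, client_aborts))


if __name__ == "__main__":
    for name, responder in (("naive", naive_responder), ("hardened", hardened_responder)):
        print(name, "healthy client:", run_scenario(responder, False))
        print(name, "aborting client:", run_scenario(responder, True))
```

With a well-behaved client both responders deliver all three replies. When the client aborts after the first reply, the naive responder lets ClosedResourceError escape and the modelled server is marked crashed, whereas the hardened responder drops the two replies the client can no longer receive and the server keeps running. The defensive point is the same one the patched SDK addresses: a peer that disappears mid-session must be absorbed by the session handler, never left to take down the process.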
