An update for python-mcp is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1151 Final 1.0 1.0 2026-01-16 Initial 2026-01-16 2026-01-16 openEuler SA Tool V1.0 2026-01-16 python-mcp security update An update for python-mcp is now available for openEuler-24.03-LTS-SP3 The official Python SDK for Model Context Protocol servers and clients Security Fix(es): The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.(CVE-2025-53365) The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue.(CVE-2025-53366) An update for python-mcp is now available for master/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium python-mcp https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1151 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-53365 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-53366 https://nvd.nist.gov/vuln/detail/CVE-2025-53365 https://nvd.nist.gov/vuln/detail/CVE-2025-53366 openEuler-24.03-LTS-SP3 python3-mcp-1.12.3-1.oe2403sp3.noarch.rpm python-mcp-1.12.3-1.oe2403sp3.src.rpm The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue. 2026-01-16 CVE-2025-53365 openEuler-24.03-LTS-SP3 Medium 5.1 AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L python-mcp security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1151 The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue. 2026-01-16 CVE-2025-53366 openEuler-24.03-LTS-SP3 Medium 5.5 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L python-mcp security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1151