Product
A high-severity vulnerability (CVE-2026-52870) in the MCP Python SDK's experimental task handlers, specifically in versions 1.23.0 through 1.27.1, allows any connected client to observe, read results from, and cancel tasks belonging to other clients due to a lack of session validation, potentially leading to unauthorized data access and denial of service.