All posts
mcpmcp-hangarsecurityadvisorycve

Security advisory: MCP Hangar 1.5.1 requires the CVE-2026-59950 fix

July 16, 2026MCP Hangar Team

Security advisory: MCP Hangar 1.5.1 requires the CVE-2026-59950 fix

Summary. CVE-2026-59950 (HIGH, CVSS 7.6) is a vulnerability in the upstream MCP Python SDK — not in MCP Hangar’s own code. The SDK’s WebSocket server transport accepted handshakes without validating the Host or Origin header, which opens a cross-origin / DNS-rebinding path. Credit to the MCP SDK maintainers: it is fixed in mcp 1.28.1.

Why it matters for MCP Hangar

MCP Hangar does not use the SDK’s deprecated websocket_server transport — Hangar’s WebSocket endpoints are our own implementation, with Origin validation at the gateway. The vulnerable code path is not reachable through Hangar itself.

However, our published dependency floor was mcp>=1.0.0, which meant a fresh install could still resolve a vulnerable SDK into your environment — even though our own lockfile had long moved past it. That is a supply-chain gap, not a Hangar vulnerability, and we closed it anyway.

MCP Hangar 1.5.1 raises the floor to mcp>=1.28.1, so installing Hangar guarantees the patched SDK in your dependency tree.

What to do

  • Upgrade to MCP Hangar 1.5.1: pip install --upgrade mcp-hangar
  • Or, if you can’t upgrade Hangar yet, pin the SDK directly: mcp>=1.28.1.

That’s the whole action item. There is no configuration change and no data migration.

What’s next

Origin validation belongs at the trust boundary, not only downstream of it. Hangar’s gateway already validates the Origin header on its WebSocket endpoints; as defense-in-depth — independent of the SDK fix — we’re extending this to Host validation with a configurable allowlist, so the edge enforces policy regardless of what any downstream SDK does. That work is tracked in the open-source repo.

Full release notes: MCP Hangar v1.5.1.