
[v1.x] fix: prevent command injection in example URL opening #2085

Merged
maxisbey merged 2 commits into modelcontextprotocol/python-sdk:v1.x from modelcontextprotocol/python-sdk:fix/example-command-injection-v1x
Feb 18, 2026

Conversation

@maxisbey (Contributor):

Backport of #2082 to v1.x.

Motivation and Context

The open_browser() function in the URL elicitation example client used subprocess.run(["start", url], shell=True) on Windows, which allows shell metacharacter injection via crafted URLs. A malicious MCP server could send a URL like https://example.com/?state=abc&calc during URL elicitation, and cmd.exe would interpret & as a command separator, executing arbitrary commands.

How Has This Been Tested?

Code review — this is an example file, not library code. The changes are identical to the merged #2082.

Breaking Changes

None.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

AI Disclaimer

Backport of #2082 to v1.x.

Replace platform-specific subprocess calls with webbrowser.open() and add
URL scheme validation (http/https allowlist) to block dangerous protocol
handlers in the URL elicitation example client.
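The pattern this PR removes and the replacement it describes, side by side, as an added example rather than code from the python-sdk repository: the Windows `shell=True` branch is reproduced only for contrast and is never called, while `open_browser` checks the scheme with `urllib.parse.urlsplit` before handing the URL to `webbrowser.open`, which does not route the URL through cmd.exe or /bin/sh. Function names, the injectable `opener` parameter, the `RecordingOpener` helper, the additional requirement that the URL carry a host, and every sample URL are assumptions made for this example. Note that `https://example.com/?state=abc&calc` passes the allowlist, and that is correct: the allowlist is there for `file:` and other protocol handlers, whereas the `&` is neutralised by taking the shell out of the path, not by the allowlist.

```python
"""Scheme-allowlisted, shell-free browser opening for a URL elicitation client.

Added example; not the python-sdk's own code. Function names, the ``opener``
parameter, ``RecordingOpener`` and every sample URL below are assumptions
constructed for this illustration.
"""
import logging
import subprocess
import sys
import webbrowser
from urllib.parse import urlsplit

logger = logging.getLogger(__name__)

# Only these schemes are ever handed to the system browser. Anything else
# (file:, javascript:, custom protocol handlers) is refused before any
# OS-level open is attempted.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def open_browser_before_fix(url: str) -> None:
    """The Windows branch of the pattern the PR removes; kept only for contrast.

    With ``shell=True`` the argument list is joined into one command line and
    handed to cmd.exe, so ``&`` and the other cmd separators inside ``url``
    end the ``start`` command instead of staying part of the URL.
    """
    if sys.platform != "win32":
        raise NotImplementedError("only the Windows branch is reproduced here")
    subprocess.run(["start", url], shell=True)  # vulnerable: do not copy


def validate_elicitation_url(url: str) -> str:
    """Return ``url`` unchanged if it is an absolute http(s) URL with a host.

    Raises ValueError otherwise. The host check is an assumption added here on
    top of the scheme allowlist the PR describes: it rejects forms such as
    ``https:///path`` that carry no authority component.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lower-cases the scheme
        raise ValueError(f"refusing scheme {parts.scheme or '<none>'!r} in {url!r}")
    if not parts.netloc:
        raise ValueError(f"refusing URL without a host: {url!r}")
    return url


def is_allowed_url(url: str) -> bool:
    """Boolean form of validate_elicitation_url for callers that need no reason."""
    try:
        validate_elicitation_url(url)
    except ValueError:
        return False
    return True


def open_browser(url: str, opener=webbrowser.open) -> bool:
    """Validate ``url`` and hand it to the browser with no shell in the path.

    ``webbrowser.open`` uses os.startfile on Windows and argument lists
    elsewhere, so a ``&calc`` suffix is opened as part of a plain URL rather
    than parsed as a second command. ``opener`` is injectable so the function
    can be exercised without launching a real browser.
    """
    try:
        validate_elicitation_url(url)
    except ValueError:
        logger.exception("Rejected URL received during elicitation")
        return False
    try:
        opened = bool(opener(url))
    except Exception:  # an opener may raise on an unsupported platform
        logger.exception("Failed to open browser")
        opened = False
    if not opened:
        logger.warning("Please manually open: %s", url)
    return opened


class RecordingOpener:
    """Stand-in for webbrowser.open: records the URLs it was given, opens nothing."""

    def __init__(self, result: bool = True) -> None:
        self.urls: list[str] = []
        self.result = result

    def __call__(self, url: str) -> bool:
        self.urls.append(url)
        return self.result


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    samples = (  # constructed sample inputs, not taken from any real server
        "https://example.com/?state=abc&calc",
        "HTTPS://Example.com/callback",
        "javascript:void(0)",
        "file:///tmp/anything",
        "https:///no-host",
        "example.com/no-scheme",
    )
    for sample in samples:
        verdict = "allowed" if is_allowed_url(sample) else "rejected"
        print(f"{sample!r:45} -> {verdict}")
    open_browser("file:///tmp/anything", opener=RecordingOpener())
```

Run as a script it prints the verdict for each constructed sample and logs one rejection through the logger, which is the error-reporting path the review below asks the example client to use instead of `print`.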
Comment on lines 119 to 120:
    print(f"Failed to open browser: {e}")
    print(f"Please manually open: {url}")
Contributor:

logger.exception I think while we're here

maxisbey (Contributor Author):

done

@felixweinberger (Contributor) left a comment:

thanks!

@maxisbey maxisbey merged commit 66aaf93 into v1.x Feb 18, 2026
21 checks passed
@maxisbey maxisbey deleted the fix/example-command-injection-v1x branch February 18, 2026 19:04