Description
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.
Published: 2026-02-04
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Leakage Across Clients
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in the Model Context Protocol TypeScript SDK and allows a cross‑client response data leak. When a single McpServer/Server and transport instance is reused for multiple client connections, data returned for one client can be accessed by another client. This flaw manifests due to race conditions and improper isolation of concurrent requests, identified by CWE‑362 (Race Condition) and CWE‑367 (Concurrent Process Data Deletion). The primary impact is a confidentiality breach, exposing sensitive information from one client to others sharing the same server instance. No denial‑of‑service or privileged‑execution capability is granted by the flaw.

Affected Systems

Vendor: Model Context Protocol – TypeScript SDK. Versions from 1.10.0 through 1.25.3 are affected. The fix was released in version 1.26.0 and later versions are not affected.

Risk and Exploitability

The CVSS base score of 7.1 indicates high severity, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw by intentionally reusing the same server or transport instance across multiple client sessions, which is a common pattern in stateless StreamableHTTPServerTransport deployments. The attack likely requires control over the application code or the ability to influence the client connection lifecycle to orchestrate the reuse of the shared instance. No public exploit has been published, and the flaw is largely a design error rather than an externally triggerable exploit.

Generated by OpenCVE AI on April 17, 2026 at 23:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Model Context Protocol TypeScript SDK to version 1.26.0 or later.
  • Configure the application to instantiate a separate McpServer/Server and transport instance for each client connection instead of reusing a shared instance.
  • If an upgrade is not possible, pause the reuse of server/transport instances across clients until the vulnerability is patched, and audit existing deployments for excessive instance reuse.

Generated by OpenCVE AI on April 17, 2026 at 23:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-345p-7cg4-v4c7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
History

Wed, 18 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Lfprojects
Lfprojects mcp Typescript Sdk
CPEs cpe:2.3:a:lfprojects:mcp_typescript_sdk:*:*:*:*:*:*:*:*
Vendors & Products Lfprojects
Lfprojects mcp Typescript Sdk

Thu, 05 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 05 Feb 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Modelcontextprotocol
Modelcontextprotocol typescript-sdk
Vendors & Products Modelcontextprotocol
Modelcontextprotocol typescript-sdk

Wed, 04 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
Description MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.
Title @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

Subscriptions

Lfprojects Mcp Typescript Sdk
Modelcontextprotocol Typescript-sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-05T20:58:17.103Z

Reserved: 2026-02-02T19:59:47.374Z

Link: CVE-2026-25536

cve-icon Vulnrichment

Updated: 2026-02-05T20:58:11.079Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-04T22:15:59.663

Modified: 2026-03-18T14:22:25.350

Link: CVE-2026-25536

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-04T21:29:38Z

Links: CVE-2026-25536 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:15:30Z

Weaknesses