{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25536", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-02T19:59:47.374Z", "datePublished": "2026-02-04T21:29:38.276Z", "dateUpdated": "2026-02-05T20:58:17.103Z"}, "containers": {"cna": {"title": "@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse", "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "lang": "en", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7"}, {"name": "https://github.com/modelcontextprotocol/typescript-sdk/issues/204", "tags": ["x_refsource_MISC"], "url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/204"}, {"name": "https://github.com/modelcontextprotocol/typescript-sdk/issues/243", "tags": ["x_refsource_MISC"], "url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/243"}], "affected": [{"vendor": "modelcontextprotocol", "product": "typescript-sdk", "versions": [{"version": ">= 1.10.0, < 1.26.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-04T21:29:38.276Z"}, "descriptions": [{"lang": "en", "value": "MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0."}], "source": {"advisory": "GHSA-345p-7cg4-v4c7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-05T20:58:06.900713Z", "id": "CVE-2026-25536", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T20:58:17.103Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25536", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-05T20:58:06.900713Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T20:58:11.079Z"}}], "cna": {"title": "@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse", "source": {"advisory": "GHSA-345p-7cg4-v4c7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "modelcontextprotocol", "product": "typescript-sdk", "versions": [{"status": "affected", "version": ">= 1.10.0, < 1.26.0"}]}], "references": [{"url": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7", "name": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/204", "name": "https://github.com/modelcontextprotocol/typescript-sdk/issues/204", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/243", "name": "https://github.com/modelcontextprotocol/typescript-sdk/issues/243", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-04T21:29:38.276Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25536", "state": "PUBLISHED", "dateUpdated": "2026-02-05T20:58:17.103Z", "dateReserved": "2026-02-02T19:59:47.374Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-04T21:29:38.276Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mcp_typescript_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "B979E384-46FC-45C2-947D-62860FC1F257", "versionEndExcluding": "1.26.0", "versionStartIncluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0."}, {"lang": "es", "value": "El SDK de TypeScript de MCP es el SDK oficial de TypeScript para servidores y clientes de Model Context Protocol. Desde la versi\u00f3n 1.10.0 hasta la 1.25.3, se produce una fuga de datos de respuesta entre clientes cuando una \u00fanica instancia de McpServer/servidor y de transporte es reutilizada a trav\u00e9s de m\u00faltiples conexiones de cliente, m\u00e1s com\u00fanmente en despliegues de StreamableHTTPServerTransport sin estado. Este problema ha sido parcheado en la versi\u00f3n 1.26.0."}], "id": "CVE-2026-25536", "lastModified": "2026-03-18T14:22:25.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-04T22:15:59.663", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/204"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/243"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "@modelcontextprotocol/sdk: @modelcontextprotocol/sdk cross-client data leak", "id": "2436937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436937"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-367", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-25536", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-tech-preview/mcp-server-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2026-02-04T21:29:38Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25536\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25536\nhttps://github.com/modelcontextprotocol/typescript-sdk/issues/204\nhttps://github.com/modelcontextprotocol/typescript-sdk/issues/243\nhttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7"], "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-17T23:10:18.937788+00:00", "value": {"mitigation_remediation": ["Upgrade the Model Context Protocol TypeScript SDK to version 1.26.0 or later.", "Configure the application to instantiate a separate McpServer/Server and transport instance for each client connection instead of reusing a shared instance.", "If an upgrade is not possible, pause the reuse of server/transport instances across clients until the vulnerability is patched, and audit existing deployments for excessive instance reuse."], "summary": {"action": "Apply Patch", "impact": "Data Leakage Across Clients"}, "threat_synthesis": {"affected_systems": "Vendor: Model Context Protocol \u2013 TypeScript SDK. Versions from 1.10.0 through 1.25.3 are affected. The fix was released in version 1.26.0 and later versions are not affected.", "description_and_impact": "The vulnerability exists in the Model Context Protocol TypeScript SDK and allows a cross\u2011client response data leak. When a single McpServer/Server and transport instance is reused for multiple client connections, data returned for one client can be accessed by another client. This flaw manifests due to race conditions and improper isolation of concurrent requests, identified by CWE\u2011362 (Race Condition) and CWE\u2011367 (Concurrent Process Data Deletion). The primary impact is a confidentiality breach, exposing sensitive information from one client to others sharing the same server instance. No denial\u2011of\u2011service or privileged\u2011execution capability is granted by the flaw.", "risk_and_exploitability": "The CVSS base score of 7.1 indicates high severity, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw by intentionally reusing the same server or transport instance across multiple client sessions, which is a common pattern in stateless StreamableHTTPServerTransport deployments. The attack likely requires control over the application code or the ability to influence the client connection lifecycle to orchestrate the reuse of the shared instance. No public exploit has been published, and the flaw is largely a design error rather than an externally triggerable exploit."}}}}, "created": "2026-02-05T11:39:39.407113+00:00", "updated": "2026-04-17T23:15:30.806802+00:00", "vendors": ["modelcontextprotocol", "modelcontextprotocol$PRODUCT$typescript-sdk"]}