CVE-2026-25536

7.1

HIGH CVSS 3.1

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Overview

Description

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.

Details

INFO

Published Date :

Feb. 4, 2026, 10:15 p.m.

Last Modified :

March 18, 2026, 2:22 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Impact

Affected Products

The following products are affected by CVE-2026-25536 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Lfprojects	mcp_typescript_sdk

: Total Affected Vendor : 1 | Products : 1

Scoring

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	HIGH				[email protected]

Solution

Update MCP TypeScript SDK to version 1.26.0 or later to fix cross-client response data leaks.

Update the MCP TypeScript SDK to version 1.26.0.
Avoid reusing transport instances across client connections.

Public PoC/Exploit Available at Github

CVE-2026-25536 has a 18 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-25536.

URL	Resource
https://github.com/modelcontextprotocol/typescript-sdk/issues/204	Issue Tracking Vendor Advisory
https://github.com/modelcontextprotocol/typescript-sdk/issues/243	Issue Tracking Vendor Advisory
https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7	Mitigation Vendor Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-25536 is associated with the following CWEs:

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-25536 weaknesses.

CAPEC-26: Leveraging Race Conditions Leveraging Race Conditions CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Got2surf2/Claude-Code-Audit

None

Shell TypeScript JavaScript Python

Updated: 1 week, 1 day ago

0 stars 0 fork 0 watcher

Born at : May 9, 2026, 12:29 p.m. This repo has been linked 5 different CVEs too.

gerasimsergey/claude-code-ultimate-guide-ua

None

Shell TypeScript JavaScript Python

Updated: 1 week, 5 days ago

0 stars 0 fork 0 watcher

Born at : May 7, 2026, 6:51 p.m. This repo has been linked 5 different CVEs too.

vermava/mcp-cve-project

The Project shares all information on MCP related CVE's published

mcp mcp-security mcp-cve

Updated: 1 week, 1 day ago

0 stars 0 fork 0 watcher

Born at : May 7, 2026, 3:47 p.m. This repo has been linked 68 different CVEs too.

Rikixaviier/ClodeCodeUltime

None

Shell TypeScript JavaScript Python

Updated: 3 weeks ago

0 stars 0 fork 0 watcher

Born at : April 28, 2026, 3:53 p.m. This repo has been linked 5 different CVEs too.

endiselmanaj/macos-vuln-check

macOS vulnerability check script - detects 23 recent supply chain attacks and CVEs (Jan-Apr 2026)

Shell

Updated: 4 weeks, 1 day ago

0 stars 0 fork 0 watcher

Born at : April 20, 2026, 3:45 p.m. This repo has been linked 10 different CVEs too.

afrokhotman-ui/Claude-Guide

None

TypeScript JavaScript Shell Python

Updated: 1 month ago

0 stars 0 fork 0 watcher

Born at : April 15, 2026, 12:04 p.m. This repo has been linked 5 different CVEs too.

Alamator/code-ultimate

None

TypeScript JavaScript Shell Python

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : April 12, 2026, 7:40 p.m. This repo has been linked 5 different CVEs too.

8kSec/awesome-ai-security

A practitioner-focused reference for AI/ML security — attacks, tools, research, and defenses. Covers offensive AI, securing AI systems, AI-assisted security operations, and governance.

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : April 12, 2026, 4:30 p.m. This repo has been linked 28 different CVEs too.

7WaySecurity/ai_osint

🤖 Curated AI OSINT resources — Google dorks, Shodan queries, GitHub dorks, and techniques to discover exposed LLM endpoints, leaked AI API keys, misconfigured vector databases, and unprotected AI agents

ai-osint ai-security api-keys artificial-intelligence bug-bounty cybersecurity google-dorks hacking llm-security machine-learning mcp-security ollama osint owasp pentesting prompt-injection reconnaissance red-team shodan vector-database

Updated: 3 weeks, 3 days ago

67 stars 13 fork 13 watcher

Born at : April 8, 2026, 2:08 p.m. This repo has been linked 10 different CVEs too.

ArogyaReddy/https-github.com-FlorianBruniaux-claude-code-ultimate-guide

None

TypeScript JavaScript Shell Python

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : April 8, 2026, 10:27 a.m. This repo has been linked 5 different CVEs too.

webpro255/awesome-ai-agent-attacks

A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.

ai-agent-security ai-agents ai-security awesome-list cybersecurity llm-security mcp-security prompt-injection supply-chain-security adversarial-attacks agent-security agentic-ai ai-attacks ai-safety cve incident-response owasp red-team security-research vulnerability

Updated: 3 weeks, 5 days ago

7 stars 1 fork 1 watcher

Born at : April 7, 2026, 2:19 p.m. This repo has been linked 55 different CVEs too.

SoapyRED/freightutils-mcp

FreightUtils MCP Server — 18 free freight tools for AI agents

ai-agents freight logistics mcp model-context-protocol

TypeScript JavaScript

Updated: 3 weeks, 5 days ago

2 stars 0 fork 0 watcher

Born at : April 3, 2026, 5:22 a.m. This repo has been linked 1 different CVEs too.

Ayodet/Claude-Code

None

TypeScript JavaScript Shell Python

Updated: 2 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : March 10, 2026, 10:59 p.m. This repo has been linked 5 different CVEs too.

Richardls/claude-code-ultimate-guide-es

Guía definitiva de Claude Code - Traducción al español latinoamericano

TypeScript JavaScript Shell Python

Updated: 2 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : March 10, 2026, 1:57 p.m. This repo has been linked 5 different CVEs too.

sahiloj/MCPScan

Offensive MCP server auditor — detects tool poisoning, credential leaks, RCE vectors, SSRF, session hijacking, and supply chain vulnerabilities across stdio, HTTP, and SSE transports.

ai-security llm-security mcp model-context-protocol offensive-security security supply-chain tool-poisoning vulnerability-scanner mcp-security open-source mcpscan

TypeScript JavaScript

Updated: 2 months ago

14 stars 3 fork 3 watcher

Born at : March 10, 2026, 6:30 a.m. This repo has been linked 5 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-25536 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-25536 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Mar. 18, 2026

Action	Type	New Value
Added	CPE Configuration	OR cpe:2.3:a:lfprojects:mcp_typescript_sdk::::::::* versions from (including) 1.10.0 up to (excluding) 1.26.0
Added	Reference Type	GitHub, Inc.: https://github.com/modelcontextprotocol/typescript-sdk/issues/204 Types: Issue Tracking, Vendor Advisory
Added	Reference Type	GitHub, Inc.: https://github.com/modelcontextprotocol/typescript-sdk/issues/243 Types: Issue Tracking, Vendor Advisory
Added	Reference Type	GitHub, Inc.: https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7 Types: Mitigation, Vendor Advisory

New CVE Received by [email protected]

Feb. 04, 2026

Action	Type	New Value
Added	Description	MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.
Added	CVSS V3.1	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Added	CWE	CWE-362
Added	Reference	https://github.com/modelcontextprotocol/typescript-sdk/issues/204
Added	Reference	https://github.com/modelcontextprotocol/typescript-sdk/issues/243
Added	Reference	https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CVE-2026-25536

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Description

INFO

Feb. 4, 2026, 10:15 p.m.

March 18, 2026, 2:22 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

Solution

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Got2surf2/Claude-Code-Audit

gerasimsergey/claude-code-ultimate-guide-ua

vermava/mcp-cve-project

Rikixaviier/ClodeCodeUltime

endiselmanaj/macos-vuln-check

afrokhotman-ui/Claude-Guide

Alamator/code-ultimate

8kSec/awesome-ai-security

7WaySecurity/ai_osint

ArogyaReddy/https-github.com-FlorianBruniaux-claude-code-ultimate-guide

webpro255/awesome-ai-agent-attacks

SoapyRED/freightutils-mcp

Ayodet/Claude-Code

Richardls/claude-code-ultimate-guide-es

sahiloj/MCPScan

Initial Analysis by [email protected]

New CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 7.1

Browse by Apps

CVE-2026-25536

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Description

INFO

Feb. 4, 2026, 10:15 p.m.

March 18, 2026, 2:22 p.m.

Yes !

Affected Products

CVSS Scores

Solution

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Initial Analysis by [email protected]

New CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 7.1

Cookie Preferences