CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25536

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.7%

CVSS Severity

CVSS v3 Score 7.1

References

Products affected by CVE-2026-25536

Lfprojects » Mcp Typescript Sdk » Version: 1.10.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.10.0
Lfprojects » Mcp Typescript Sdk » Version: 1.10.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.10.1
Lfprojects » Mcp Typescript Sdk » Version: 1.10.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.10.2
Lfprojects » Mcp Typescript Sdk » Version: 1.11.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.11.0
Lfprojects » Mcp Typescript Sdk » Version: 1.11.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.11.1
Lfprojects » Mcp Typescript Sdk » Version: 1.11.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.11.2
Lfprojects » Mcp Typescript Sdk » Version: 1.11.3

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.11.3
Lfprojects » Mcp Typescript Sdk » Version: 1.11.4

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.11.4
Lfprojects » Mcp Typescript Sdk » Version: 1.11.5

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.11.5
Lfprojects » Mcp Typescript Sdk » Version: 1.12.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.12.0
Lfprojects » Mcp Typescript Sdk » Version: 1.12.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.12.1
Lfprojects » Mcp Typescript Sdk » Version: 1.12.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.12.2
Lfprojects » Mcp Typescript Sdk » Version: 1.12.3

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.12.3
Lfprojects » Mcp Typescript Sdk » Version: 1.13.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.13.0
Lfprojects » Mcp Typescript Sdk » Version: 1.13.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.13.1
Lfprojects » Mcp Typescript Sdk » Version: 1.13.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.13.2
Lfprojects » Mcp Typescript Sdk » Version: 1.13.3

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.13.3
Lfprojects » Mcp Typescript Sdk » Version: 1.14.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.14.0
Lfprojects » Mcp Typescript Sdk » Version: 1.15.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.15.0
Lfprojects » Mcp Typescript Sdk » Version: 1.15.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.15.1
Lfprojects » Mcp Typescript Sdk » Version: 1.16.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.16.0
Lfprojects » Mcp Typescript Sdk » Version: 1.17.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.17.0
Lfprojects » Mcp Typescript Sdk » Version: 1.17.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.17.1
Lfprojects » Mcp Typescript Sdk » Version: 1.17.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.17.2
Lfprojects » Mcp Typescript Sdk » Version: 1.17.3

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.17.3
Lfprojects » Mcp Typescript Sdk » Version: 1.17.4

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.17.4
Lfprojects » Mcp Typescript Sdk » Version: 1.17.5

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.17.5
Lfprojects » Mcp Typescript Sdk » Version: 1.18.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.18.0
Lfprojects » Mcp Typescript Sdk » Version: 1.18.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.18.1
Lfprojects » Mcp Typescript Sdk » Version: 1.18.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.18.2
Lfprojects » Mcp Typescript Sdk » Version: 1.19.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.19.0
Lfprojects » Mcp Typescript Sdk » Version: 1.20.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.20.0
Lfprojects » Mcp Typescript Sdk » Version: 1.20.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.20.1
Lfprojects » Mcp Typescript Sdk » Version: 1.20.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.20.2
Lfprojects » Mcp Typescript Sdk » Version: 1.21.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.21.0
Lfprojects » Mcp Typescript Sdk » Version: 1.21.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.21.1
Lfprojects » Mcp Typescript Sdk » Version: 1.21.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.21.2
Lfprojects » Mcp Typescript Sdk » Version: 1.22.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.22.0
Lfprojects » Mcp Typescript Sdk » Version: 1.23.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.23.0
Lfprojects » Mcp Typescript Sdk » Version: 1.23.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.23.1
Lfprojects » Mcp Typescript Sdk » Version: 1.24.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.24.0
Lfprojects » Mcp Typescript Sdk » Version: 1.24.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.24.1
Lfprojects » Mcp Typescript Sdk » Version: 1.24.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.24.2
Lfprojects » Mcp Typescript Sdk » Version: 1.24.3

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.24.3
Lfprojects » Mcp Typescript Sdk » Version: 1.25.0

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.25.0
Lfprojects » Mcp Typescript Sdk » Version: 1.25.1

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.25.1
Lfprojects » Mcp Typescript Sdk » Version: 1.25.2

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.25.2
Lfprojects » Mcp Typescript Sdk » Version: 1.25.3

cpe:2.3:a:lfprojects:mcp_typescript_sdk:1.25.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25536

Products

Pricing

Contact Us