Cyber Posture

CVE-2026-25536

Severity: High
Published: 04 February 2026
Modified: 18 March 2026
KEV Added: not listed in the CISA KEV catalog
Patch: fixed in MCP TypeScript SDK 1.26.0
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0002 (3.6th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25536 is a high-severity race condition (CWE-362) in the MCP TypeScript SDK (recorded in NVD as vendor "lfprojects", product "mcp typescript sdk"). Its CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score of 0.0002 sits at the 3.6th percentile for exploitation likelihood (well below the median), and it is not currently listed in the CISA KEV catalog. A low EPSS estimates a low probability of exploitation in the wild; it does not mean the bug is hard to trigger, since the CVSS vector rates attack complexity low and requires only a client with low privileges (PR:L).

This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE-362) cited in the NVD entry, so these are generic race-condition controls rather than measures specific to this SDK bug. The concrete remediation stated in the NVD entry is to upgrade to version 1.26.0; deployments that reuse a single McpServer/Server and transport instance across client connections are the ones exposed.

addresses CWE-362: Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.

addresses CWE-362: Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerable component is the MCP HTTP server transport (StreamableHTTPServerTransport), which is typically exposed to clients over the network. A client with low privileges (PR:L) that connects while other clients' requests are in flight can receive response data belonging to those clients through the documented race condition; nothing beyond interacting with the public-facing application is required, hence T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.

Deeper analysis (AI-generated)

CVE-2026-25536 affects the MCP TypeScript SDK, the official TypeScript SDK for Model Context Protocol servers and clients. The vulnerability is a cross-client response data leak in versions 1.10.0 through 1.25.3, triggered when a single McpServer/Server and transport instance is reused across multiple client connections. This pattern is most commonly found in stateless StreamableHTTPServerTransport deployments. It has been assigned CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition')) and a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).

An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By connecting as an ordinary client while other clients' requests are in flight, the attacker can receive response data intended for another client, giving high confidentiality impact (C:H) through unauthorized data exposure across connections, with low integrity impact (I:L). As with any race condition, whether a given request leaks depends on timing, but the attacker controls when and how often they connect and so can simply retry.

The vulnerability has been patched in version 1.26.0 of the MCP TypeScript SDK; any deployment on 1.10.0 through 1.25.3 that shares one server/transport instance across connections should upgrade. Additional details are available in the GitHub security advisory (GHSA-345p-7cg4-v4c7) and related issues #204 and #243 in the modelcontextprotocol/typescript-sdk repository.
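The mechanism described above, as an added illustration that is not the SDK's own code and not taken from the advisory: a server object holds a single mutable transport slot and is reused across client connections, so a handler that finishes after another client has connected writes its response into the wrong transport. Generators stand in for async handlers to make the interleaving deterministic; each yield marks where a real handler would await the tool's work. The names SharedServer, handleWithOwnServer, runScenario and leaked are assumptions for this example, and the "one server and transport per request" shape is a general CWE-362 mitigation shown for contrast, not a description of the 1.26.0 patch.

```typescript
// Simplified model of the CWE-362 pattern behind CVE-2026-25536.
// Assumption: NOT the MCP TypeScript SDK's code; written for this page only.

interface Transport {
  clientId: string;
  received: string[]; // responses delivered to this client
}

// Vulnerable shape: one server instance shared by every connection.
class SharedServer {
  private transport: Transport | null = null;

  connect(t: Transport): void {
    this.transport = t; // a later connect() silently replaces the slot
  }

  // `yield` simulates `await doWork()`: another client may connect meanwhile.
  *handle(requestId: string, payload: string): Generator<void, void, unknown> {
    yield;
    if (!this.transport) throw new Error("no transport connected");
    // The response goes to whichever transport occupies the slot *now*.
    this.transport.received.push(`${requestId}:${payload}`);
  }
}

// Hardened shape (assumed mitigation pattern, shown for contrast): a fresh
// server bound to the request's own transport, so nothing can swap it.
function handleWithOwnServer(
  t: Transport,
  requestId: string,
  payload: string,
): Generator<void, void, unknown> {
  const server = new SharedServer();
  server.connect(t);
  return server.handle(requestId, payload);
}

interface Outcome {
  alice: string[];
  bob: string[];
}

// Same interleaving for both shapes:
//   1. Alice's request starts and "awaits"
//   2. Bob connects and his request starts
//   3. Alice's handler resumes and sends her response
//   4. Bob's handler resumes and sends his response
function runScenario(sharedInstance: boolean): Outcome {
  const alice: Transport = { clientId: "alice", received: [] };
  const bob: Transport = { clientId: "bob", received: [] };
  let reqA: Generator<void, void, unknown>;
  let reqB: Generator<void, void, unknown>;

  if (sharedInstance) {
    const server = new SharedServer();
    server.connect(alice);
    reqA = server.handle("req-1", "alice-private-data");
    reqA.next();
    server.connect(bob); // Bob's connection lands while req-1 is in flight
    reqB = server.handle("req-2", "bob-private-data");
    reqB.next();
  } else {
    reqA = handleWithOwnServer(alice, "req-1", "alice-private-data");
    reqA.next();
    reqB = handleWithOwnServer(bob, "req-2", "bob-private-data");
    reqB.next();
  }

  reqA.next(); // Alice's handler completes
  reqB.next(); // Bob's handler completes
  return { alice: alice.received, bob: bob.received };
}

// Detection-style check: req-1 belongs to Alice and req-2 to Bob, so any
// response carrying the other request id is a cross-client leak.
function leaked(o: Outcome): boolean {
  return (
    o.alice.some((r) => !r.startsWith("req-1:")) ||
    o.bob.some((r) => !r.startsWith("req-2:"))
  );
}

const sharedRun = runScenario(true);
console.log("shared instance:", sharedRun, "leak:", leaked(sharedRun));
const isolatedRun = runScenario(false);
console.log("per-request instance:", isolatedRun, "leak:", leaked(isolatedRun));
```

With the shared instance, Alice's response ends up in Bob's transport; with a server bound to each request, both responses reach their own client. The same ordering check (response id versus the connection that receives it) is the kind of assertion worth adding to an integration test of any MCP server that handles concurrent clients.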

Details

CWE(s)

CWE-362 Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition')

Affected Products

lfprojects
mcp typescript sdk
1.10.0 through 1.25.3 (fixed in 1.26.0)
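A practitioner checking exposure to the range above wants a lockfile audit rather than a visual scan, since a patched top-level install can still carry a vulnerable nested copy under another dependency. The following is an added example written for this page, not the project's code. Two assumptions the page does not state: the SDK is published on npm as "@modelcontextprotocol/sdk", and the lockfile is npm lockfileVersion 2 or 3 (a top-level "packages" map keyed by install path). The sample lockfile is constructed.

```typescript
// Flags installs of the MCP TypeScript SDK in the affected range
// [1.10.0, 1.26.0) from an npm lockfile. Added example; assumptions:
// npm package name and lockfile v2/v3 layout are not stated on the page.

const AFFECTED_PACKAGE = "@modelcontextprotocol/sdk"; // assumed npm name
const FIRST_AFFECTED = "1.10.0"; // inclusive, per the NVD description
const FIXED_IN = "1.26.0"; // exclusive: the patched release

// Compare x.y.z cores numerically. Prerelease/build tags are stripped, so
// "1.26.0-rc.1" compares equal to 1.26.0 here (deliberate simplification).
function compareVersions(a: string, b: string): number {
  const parse = (v: string): number[] =>
    v.split(/[-+]/)[0].split(".").map((n) => Number.parseInt(n, 10) || 0);
  const pa = parse(a);
  const pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isAffected(version: string): boolean {
  return (
    compareVersions(version, FIRST_AFFECTED) >= 0 &&
    compareVersions(version, FIXED_IN) < 0
  );
}

interface LockfileV2 {
  lockfileVersion?: number;
  packages?: Record<string, { version?: string }>;
}

interface Finding {
  path: string;
  version: string;
}

// Walks every install path, including nested copies under another
// dependency's node_modules, and returns the ones in the affected range.
function findAffected(lock: LockfileV2): Finding[] {
  const findings: Finding[] = [];
  const suffix = `node_modules/${AFFECTED_PACKAGE}`;
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    if (!path.endsWith(suffix) || !meta.version) continue;
    if (isAffected(meta.version)) findings.push({ path, version: meta.version });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project): a patched
// top-level copy plus a vulnerable copy nested under a plugin.
const SAMPLE_LOCK: LockfileV2 = {
  lockfileVersion: 3,
  packages: {
    "": { version: "0.1.0" },
    "node_modules/@modelcontextprotocol/sdk": { version: "1.26.0" },
    "node_modules/some-mcp-plugin": { version: "2.0.0" },
    "node_modules/some-mcp-plugin/node_modules/@modelcontextprotocol/sdk": {
      version: "1.25.3",
    },
  },
};

for (const f of findAffected(SAMPLE_LOCK)) {
  console.log(`CVE-2026-25536: ${f.path} is ${f.version}; upgrade to ${FIXED_IN}`);
}
```

To run it against a real tree, read package-lock.json from disk and pass the parsed object to findAffected; an empty result means no install of the SDK in the affected range. Note that a clean lockfile does not by itself prove a deployment is safe: an unpatched version is only exploitable when a single server/transport instance is shared across connections, and a patched version removes that exposure regardless of deployment shape.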

AI Security Analysis (AI-generated)

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp, model context protocol

CVEs Like This One

CVE-2026-0621 (same product: Lfprojects Mcp Typescript Sdk)
CVE-2026-27896 (same vendor: Lfprojects)
CVE-2025-15031 (same vendor: Lfprojects)
CVE-2025-11200 (same vendor: Lfprojects)
CVE-2025-11201 (same vendor: Lfprojects)
CVE-2026-33252 (same vendor: Lfprojects)
CVE-2025-25214 (shared CWE-362)
CVE-2026-34742 (same vendor: Lfprojects)
CVE-2025-67733 (same vendor: Lfprojects)
CVE-2025-1473 (same vendor: Lfprojects)

References