Lucene search
K

6 matches found

NVD
NVD
added 2026/02/04 10:15 p.m.13 views

CVE-2026-25536

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS0.00267EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/04 9:29 p.m.7 views

EUVD-2026-5335

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/04 9:29 p.m.5 views

CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/02/04 9:29 p.m.43 views

CVE-2026-25536

CVE-2026-25536 affects the MCP TypeScript SDK. From versions 1.10.0 through 1.25.3, cross‑client data can leak when a single McpServer/Server and transport instance is reused across multiple client connections (notably in stateless StreamableHTTPServerTransport deployments). The issue arises from...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/04 8:4 p.m.23 views

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...

7.1CVSS5.5AI score0.00267EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/01 10:11 a.m.17 views

kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()

A flaw was found in the TCP subsystem in tcpdisconnect of the Linux kernel.The server-side TCP Fast Open socket was reused as a new client before the TFO socket completes, leading to an information leak...

7.8CVSS5.8AI score0.00144EPSS
Exploits0References5
Rows per page
Query Builder