2 matches found
CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
@chainsafe/lodestar (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0), @lodestar/beacon-node (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0) potentially affected by unknown CVE via @lodestar/reqresp (>=1.10.0-dev.a208afb45a <=1.25.0-rc.0)
@lodestar/reqresp NPM version =1.10.0-dev.a208afb45a, =1.10.0-dev.00b94f3802, =1.10.0-dev.00b94f3802, =1.25.0-rc.0 Source cves: unknown CVE Source advisory: OSV:GHSA-53RV-HCVM-RPP9...