CNNVD-202602-547 Information
CNNVD ID
CNNVD-202602-547
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
MCP TypeScript SDK是Model Context Protocol开源的一个用于模型上下文协议服务器和客户端的开发者工具包。 MCP TypeScript SDK 1.10.0版本至1.25.3版本存在竞争条件问题漏洞,该漏洞源于跨客户端响应数据泄露。
Description (English)
MCP TypeScript SDK is a developer tool kit for model context protocol servers and clients from the Model Context Protocol open source. MCP TypeScript SDK Versions 1.10.0 to 1.25.3 contain a loophole on competitive conditions, which originates from cross-client response data leaks.
Hazard Level
Medium
Vulnerability Type
竞争条件问题
Affected Vendor
Model Context Protocol
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/modelcontextprotocol/typescript-sdk/issues/204 https://github.com/modelcontextprotocol/typescript-sdk/issues/243 https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7 https://access.redhat.com/security/cve/cve-2026-25536
Patch
https://github.com/modelcontextprotocol/typescript-sdk/releases
Share on: