Key vulnerability information

CVE ID: CVE-2026-25536
Severity: High (7.1/10)

CVSS v3 Base Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: Low
- Availability: None

Summary: Cross-client response data leak when a single McpServer / Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments.

Impact

Who is affected: Any MCP server deployment using the TypeScript SDK where a single McpServer (or Server) instance is shared across multiple concurrent client connections. This is most likely in stateless mode (no sessionIdGenerator), where the natural but incorrect pattern is to create one server and one transport and handle all requests through them.

What happens: When two or more MCP clients send requests concurrently through a shared server instance, JSON-RPC message ID collisions cause responses to be routed to the wrong client's HTTP connection.

Conditions for exploitation:
- The server reuses a single McpServer / Server instance across requests or sessions.
- Two or more clients connect concurrently.
- Clients generate overlapping JSON-RPC message IDs.

Not affected:
- Stateful servers that create a new McpServer + transport per session.
- Stateless servers that create a new McpServer + transport per request.
- Single-client environments.

Patches:
- Protocol.connect() now throws if the protocol is already connected to a transport.
- Stateless StreamableHTTPServerTransport.handleRequest() now throws if called more than once.

Workarounds: If you cannot upgrade immediately, ensure your server creates fresh McpServer and transport instances for each request (stateless) or session (stateful).

References: #204 #243
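As an added example (a simplified model written for this page, not code from the MCP TypeScript SDK), the following TypeScript shows why a shared stateless transport misroutes replies when two clients both use JSON-RPC id 1, how a handleRequest() guard like the one in the patch rejects the second request, and how the per-request pattern from the workaround keeps each reply on its own connection. The type, class and function names, and the assumption that replies are routed by an in-flight id-to-response map, are illustrative.

```typescript
// Simplified model (not SDK code) of a stateless transport that maps each in-flight
// JSON-RPC id to the HTTP response that should receive the reply.
type Req = { id: number; method: string };
type Rsp = { id: number; result: string };
type HttpRes = { client: string; received: string[] };
class StatelessTransport {
  private inflight = new Map<number, HttpRes>();
  private used = false;
  // strict=true models the patched behaviour: one stateless transport serves one request only.
  constructor(private readonly strict: boolean) {}
  handleRequest(req: Req, res: HttpRes): void {
    if (this.strict && this.used) throw new Error("stateless transport reused across requests");
    this.used = true;
    // Keyed by JSON-RPC id alone: a second client using the same id overwrites the first entry.
    this.inflight.set(req.id, res);
  }

  send(rsp: Rsp): void {
    const res = this.inflight.get(rsp.id);
    if (!res) throw new Error(`no in-flight request with id ${rsp.id}`);
    res.received.push(rsp.result);
    this.inflight.delete(rsp.id);
  }
}

// Pre-patch deployment pattern: one transport shared by all clients. Both clients use id 1,
// so client A's reply is written to client B's connection (returns { A: [], B: [A's reply] }).
function sharedTransportDelivery(strict: boolean): Record<string, string[]> {
  const t = new StatelessTransport(strict);
  const resA: HttpRes = { client: "A", received: [] };
  const resB: HttpRes = { client: "B", received: [] };
  t.handleRequest({ id: 1, method: "tools/call" }, resA);
  t.handleRequest({ id: 1, method: "tools/list" }, resB); // throws when strict (patched)
  t.send({ id: 1, result: "private result for A" });
  return { A: resA.received, B: resB.received };
}

// Recommended pattern: a fresh transport per request, so overlapping ids never share a map.
function perRequestDelivery(): Record<string, string[]> {
  const resA: HttpRes = { client: "A", received: [] };
  const resB: HttpRes = { client: "B", received: [] };
  const tA = new StatelessTransport(true);
  const tB = new StatelessTransport(true);
  tA.handleRequest({ id: 1, method: "tools/call" }, resA);
  tB.handleRequest({ id: 1, method: "tools/list" }, resB);
  tA.send({ id: 1, result: "private result for A" });
  tB.send({ id: 1, result: "result for B" });
  return { A: resA.received, B: resB.received };
}
```

The same idea applies to sharing one McpServer across connections: whatever routes replies by message id must be private to a single client, which is why the fix also makes Protocol.connect() refuse a second transport.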