typescript-sdk — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in typescript-sdk, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25536	@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse CWE-362	7.1	High	2026-02-04
CVE-2025-66414	DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost CWE-1188	7.5^AI	High^AI	2025-12-02

All 2 known CVE vulnerabilities affecting typescript-sdk with full Chinese analysis, references, and POCs where available.