Overview
When a single McpServer instance with a StreamableHTTPServerTransport is shared across multiple clients, responses can leak across client boundaries: one client may receive data intended for another. Affects MCP TypeScript SDK v1.10.0 through v1.25.3. CVSS 7.1.
Who Is Affected
Disclosed via CVE feed, February 4, 2026. Affects any MCP server deployment that serves multiple concurrent clients from a single shared server instance through the official TypeScript SDK's StreamableHTTPServerTransport -- a common production pattern.
Where It Exists
The defect is in how the MCP TypeScript SDK's StreamableHTTPServerTransport routes responses. When one McpServer instance handles several client connections through a shared transport, responses are not reliably returned to the client that issued the request. Deployments that give each client its own McpServer instance and transport, as recommended under Mitigation, do not share the affected state.
When It Was Found
Published February 4, 2026. Affects SDK versions 1.10.0 through 1.25.3. Fixed in v1.26.0.
How It Works
When multiple clients connect to the same MCP server instance over a shared StreamableHTTPServerTransport, the response multiplexing logic does not isolate client sessions from one another. Responses (tool results, resource content, and error messages alike) can be written to the wrong client's stream, and the client that actually issued the request may never receive its reply. The misrouting is a race condition: it depends on requests from different clients being in flight at the same time, so it surfaces under concurrent load and can be missed entirely by single-client testing.
Impact
Cross-client data leakage in multi-tenant MCP deployments. Client A may receive Client B's tool results, which can contain sensitive data (API responses, file contents, database query results). In enterprise environments where multiple users share one MCP server, this crosses the security boundary between those users, and a client that accepts a misrouted reply may act on it as if it were the answer to its own request.
Mitigation
Update the MCP TypeScript SDK to v1.26.0 or later; this is the fix. Until the upgrade lands, do not share one McpServer instance and StreamableHTTPServerTransport across clients: create a separate McpServer instance and transport per client session (connection). As defense in depth, correlate responses on the client side: accept only responses whose id matches a request that client currently has outstanding, and prefer request ids that are unique across clients rather than a per-client integer counter, since a colliding id lets a misrouted response pass an id-only check. Monitor multi-client deployments for responses that arrive with unknown request ids and for tool results that reference another tenant's context.
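The failure mode described under How It Works and the client-side correlation check from Mitigation, as an added illustration that is not code from the MCP TypeScript SDK or its advisory. It models a transport with a single shared "current stream" slot (an assumed simplification used to make misrouting observable, not the SDK's actual routing logic), a session-keyed transport that isolates clients, and a client that quarantines responses it never asked for. The session ids, request ids and tool results are constructed sample data.

```typescript
// Added example: a self-contained model of JSON-RPC response routing between
// two concurrent MCP clients. Not SDK code; SharedSlotTransport is an assumed
// bug model, PerSessionTransport the isolated shape the mitigation asks for.

type JsonRpcId = number | string;

interface JsonRpcResponse {
  jsonrpc: "2.0";
  id: JsonRpcId;
  result?: unknown;
  error?: { code: number; message: string };
}

type Deliver = (resp: JsonRpcResponse) => void;

/** Routing contract shared by both transport models below. */
interface ServerTransport {
  begin(sessionId: string, deliver: Deliver): void;
  complete(sessionId: string, id: JsonRpcId, result: unknown): void;
}

/**
 * Assumed bug model: one "current response stream" slot for every client.
 * Each new request overwrites the slot, and a finished handler writes to
 * whoever holds the slot at that moment, not to the client that asked.
 */
class SharedSlotTransport implements ServerTransport {
  private current: Deliver | null = null;

  begin(_sessionId: string, deliver: Deliver): void {
    this.current = deliver;
  }

  complete(_sessionId: string, id: JsonRpcId, result: unknown): void {
    if (!this.current) throw new Error("no client stream attached");
    this.current({ jsonrpc: "2.0", id, result });
  }
}

/** Session-scoped routing: the stream is keyed by the issuing session. */
class PerSessionTransport implements ServerTransport {
  private streams = new Map<string, Deliver>();

  begin(sessionId: string, deliver: Deliver): void {
    this.streams.set(sessionId, deliver);
  }

  complete(sessionId: string, id: JsonRpcId, result: unknown): void {
    const deliver = this.streams.get(sessionId);
    if (!deliver) throw new Error(`unknown session ${sessionId}`);
    deliver({ jsonrpc: "2.0", id, result });
  }
}

/**
 * Client-side correlation check: only responses whose id is outstanding on
 * this client are accepted; anything else is quarantined for alerting. Ids
 * embed the session id so two clients can never share one; with the usual
 * per-client integer counters a misrouted response could carry a colliding
 * id and pass this check.
 */
class CorrelatingClient {
  readonly sessionId: string;
  readonly received: JsonRpcResponse[] = [];
  readonly rejected: JsonRpcResponse[] = [];
  private pending = new Set<JsonRpcId>();
  private counter = 0;

  constructor(sessionId: string) {
    this.sessionId = sessionId;
  }

  /** Register a new outbound request and return its id. */
  send(): JsonRpcId {
    const id = `${this.sessionId}-${++this.counter}`;
    this.pending.add(id);
    return id;
  }

  /** Delivery callback handed to the transport. */
  readonly deliver: Deliver = (resp) => {
    if (!this.pending.has(resp.id)) {
      this.rejected.push(resp); // never issued by us: misrouted or forged
      return;
    }
    this.pending.delete(resp.id);
    this.received.push(resp);
  };
}

/**
 * One fixed interleaving: A asks, B asks while A's handler is still running,
 * B's handler finishes first, then A's (a slow tool call).
 */
function simulate(transport: ServerTransport): { a: CorrelatingClient; b: CorrelatingClient } {
  const a = new CorrelatingClient("sess-a");
  const b = new CorrelatingClient("sess-b");
  const idA = a.send();
  const idB = b.send();

  transport.begin(a.sessionId, a.deliver);
  transport.begin(b.sessionId, b.deliver);
  transport.complete(b.sessionId, idB, "B's tool result");          // constructed
  transport.complete(a.sessionId, idA, "A's secret tool result");   // constructed
  return { a, b };
}

const shared = simulate(new SharedSlotTransport());
const scoped = simulate(new PerSessionTransport());
console.log("shared slot: B quarantined", shared.b.rejected.map((r) => r.result), "A received", shared.a.received.length);
console.log("per session: A got", scoped.a.received.map((r) => r.result), "B got", scoped.b.received.map((r) => r.result));
```

Run it with a TypeScript runner such as tsx or ts-node. In the shared-slot run, A's result lands on B's stream and A never gets a reply; B's correlation check catches the stray response only because the ids embed the session name. Had both clients used integer ids starting at 1 and A's result arrived while B's own request with the same id was still outstanding, B would have accepted it, which is why client-side correlation is defense in depth and not a substitute for the upgrade or for per-session instances.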