Model Context Protocol TypeScript SDK Cross-Client Data Leak Vulnerability
Vulnerability
A cross-client response data leak vulnerability has been identified in the Model Context Protocol (MCP) TypeScript SDK, specifically in versions starting at 1.10.0 and prior to 1.25.3. The issue arises when a single instance of `McpServer` or `Server` and its associated transport is reused across multiple client connections. This vulnerability is most prevalent in stateless `StreamableHTTPServerTransport` deployments, where the default pattern may inadvertently lead to data being sent to the wrong client.
Impact
Exploiting this vulnerability causes response data intended for one client to be incorrectly routed to another, disrupting the application's communication flow. This misdirection occurs because the MCP SDK's client uses a simple incrementing counter to generate message IDs, leading to collisions when multiple clients are connected to the same server instance.
Reproduction
To reproduce this vulnerability, create a server using the MCP TypeScript SDK and connect a transport that handles server-sent events (SSE). Then, establish multiple client connections to the same server instance simultaneously. When one client sends a request, the response will be incorrectly delivered to the other client, demonstrating the cross-client data leak.
Remediation
Upgrade to version 1.26.0 or later, where this vulnerability has been patched. After upgrading, ensure that the server is configured to create separate `McpServer` and transport instances for each client connection, especially in stateless deployments.
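The ID collision described under Impact, and the effect of the per-connection instances recommended under Remediation, can be modelled without the SDK. The sketch below is an added example, not code from the MCP SDK or from this advisory: `ModelTransport`, `ModelClient` and `simulate` are hypothetical names, and routing responses through a map keyed by request ID is an assumed simplification of how a shared transport pairs responses with connections.

```typescript
// Constructed model of the bug class. This is NOT the MCP SDK's implementation.
type RpcResponse = { id: number; result: string };
type Deliver = (r: RpcResponse) => void;

// Remembers which connection is waiting on each in-flight request ID.
class ModelTransport {
  private pending = new Map<number, Deliver>();
  accept(id: number, deliver: Deliver): void {
    // If two clients use the same ID, the later entry silently replaces the earlier one.
    this.pending.set(id, deliver);
  }
  respond(r: RpcResponse): void {
    const deliver = this.pending.get(r.id);
    this.pending.delete(r.id);
    if (deliver) deliver(r); // no waiting connection: the response is dropped
  }
}

// Each client numbers its own requests with an incrementing counter,
// so independent clients all start at the same ID.
class ModelClient {
  private nextId = 0;
  inbox: string[] = [];
  send(t: ModelTransport): number {
    const id = this.nextId++;
    t.accept(id, (r) => { this.inbox.push(r.result); });
    return id;
  }
}

// sharedTransport = true models one instance reused across connections;
// false models a fresh instance per client connection.
function simulate(sharedTransport: boolean): { alice: string[]; bob: string[] } {
  const alice = new ModelClient();
  const bob = new ModelClient();
  const shared = new ModelTransport();
  const tA = sharedTransport ? shared : new ModelTransport();
  const tB = sharedTransport ? shared : new ModelTransport();
  // Both requests are in flight before either response is written.
  const idA = alice.send(tA);
  const idB = bob.send(tB);
  tA.respond({ id: idA, result: "data for alice" });
  tB.respond({ id: idB, result: "data for bob" });
  return { alice: alice.inbox, bob: bob.inbox };
}

console.log("shared instance:", simulate(true));
console.log("per-connection :", simulate(false));
```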
