VDB

GHSA-w2fm-25vw-vh7f

GHSA-w2fm-25vw-vh7f PUBLISHED CVSS 7.099999904632568 HIGH

mcp-handler has a tool response leak across concurrent client sessions ('Race Condition')

Risk Scores

CVSS v3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Affected Products

VendorProductVersions
modelcontextprotocolsdk1.10.0, 1.10.0, 1.10.0
npmmcp-handler0, 0, 0

Timeline

  • Mar 2, 2026 Security Advisory
  • Apr 1, 2026 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›