Gh-Arpeet

**Name of the Vulnerable Software and Affected Versions** MCP TypeScript SDK versions 1.10.0 through 1.25.3 **Description** The MCP TypeScript SDK, designed for Model Context Protocol servers and clients, exhibits a cross-client response data leak. This occurs when a single `McpServer`/Server and transport instance is reused across multiple client connections, particularly in stateless `StreamableHTTPServerTransport` deployments. The issue has been addressed in version 1.26.0. **Recommendations** Update to version 1.26.0 or later.