pkg:npm/@modelcontextprotocol/sdk

3 total CVEsHIGH1

✅ Check your installed version

All known vulnerabilities

  • HIGH7.1CVE-2026-25536@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
    >= 1.10.0, < 1.26.0
  • CVE-2026-0621Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
    from 0, < 1.25.2
  • CVE-2025-66414Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
    from 0, < 1.24.0