
Update npm package @modelcontextprotocol/sdk to v1.26.0 [SECURITY] #8358

Open
hash-worker[bot] wants to merge 1 commit into main from deps/js/npm-modelcontextprotocol-sdk-vulnerability

@hash-worker hash-worker bot commented Feb 4, 2026

This PR contains the following updates:

| Package | Change | Age | Confidence |
| --- | --- | --- | --- |
| @modelcontextprotocol/sdk (source) | 1.25.2 -> 1.26.0 | age | confidence |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-25536

Summary

Cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments.

Impact

Who is affected: Any MCP server deployment using the TypeScript SDK where a single McpServer (or Server) instance is shared across multiple concurrent client connections. This is most likely in stateless mode (no sessionIdGenerator), where the natural but incorrect pattern is to create one server and transport and handle all requests through it. Stateful mode is also affected if the server instance is improperly shared across sessions, though this misconfiguration is less common since the stateful pattern naturally encourages per-session instances.

What happens: When two or more MCP clients send requests concurrently through a shared server instance, JSON-RPC message ID collisions cause responses to be routed to the wrong client's HTTP connection. Client A can receive response data intended for Client B, and vice versa, even when authorization was correctly enforced on each individual request.

The MCP SDK's client generates message IDs using a simple incrementing counter starting at 0. When two clients connect to the same server instance, they produce identical message IDs, causing the transport's internal request-to-stream mapping to overwrite one client's entry with another's — routing responses to the wrong HTTP connection.

Conditions for exploitation:

  • The server reuses a single McpServer/Server instance across requests or sessions (rather than creating fresh instances per request/session)
  • Two or more clients connect concurrently
  • Clients generate overlapping JSON-RPC message IDs (virtually guaranteed since the SDK's client uses an incrementing counter starting at 0)

Not affected:

  • Stateful servers that create a new McpServer + transport per session (the typical and recommended stateful pattern)
  • Stateless servers that create a new McpServer + transport per request
  • Single-client environments (e.g., local development with one IDE)

Patches

The fix adds runtime guards that turn silent data misrouting into immediate, actionable errors:

  1. Protocol.connect() now throws if the protocol is already connected to a transport, preventing silent transport overwriting across both stateful and stateless modes
  2. Stateless StreamableHTTPServerTransport.handleRequest() now throws if called more than once, enforcing one-request-per-transport in stateless mode

Servers that were incorrectly reusing instances will now receive a clear error message directing them to create separate instances per connection.

Workarounds

If projects cannot upgrade immediately, ensure the server creates fresh McpServer and transport instances for each request (stateless) or session (stateful):

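import { randomUUID } from 'node:crypto';
import express from 'express';
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';

const app = express();

// Stateless mode: create new server + transport per request
app.post('/mcp', async (req, res) => {
  const server = new McpServer({ name: 'my-server', version: '1.0.0' });
  // ... register tools, resources, etc.
  const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: undefined });
  await server.connect(transport);
  await transport.handleRequest(req, res);
});

// Stateful mode (use instead of the stateless handler above):
// create new server + transport per session
const sessions = new Map();
app.post('/mcp', async (req, res) => {
  const sessionId = req.headers['mcp-session-id'];
  if (sessionId && sessions.has(sessionId)) {
    // Known session: reuse only that session's own transport
    await sessions.get(sessionId).transport.handleRequest(req, res);
  } else {
    const server = new McpServer({ name: 'my-server', version: '1.0.0' });
    // ... register tools, resources, etc.
    const transport = new StreamableHTTPServerTransport({
      sessionIdGenerator: () => randomUUID(),
      // The session ID is assigned while the initialize request is handled,
      // so store the session from this callback, not before handleRequest()
      onsessioninitialized: (id) => sessions.set(id, { server, transport })
    });
    await server.connect(transport);
    await transport.handleRequest(req, res);
  }
});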

Resources


Release Notes

modelcontextprotocol/typescript-sdk (@modelcontextprotocol/sdk)

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed
New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed
  • [v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in #1407
  • fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in #1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@hash-worker hash-worker bot enabled auto-merge February 4, 2026 20:54
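
The misrouting the advisory describes, reduced to a toy model. This is an added example, not code from the SDK or from this PR; `ToyTransport`, its `guarded` flag and the two constructed clients are hypothetical stand-ins for the transport's request-to-stream mapping and the 1.26.0 runtime guard.

```javascript
// Toy model of the flaw, NOT the SDK's code; all names here are hypothetical.
class ToyTransport {
  constructor({ guarded = false } = {}) {
    this.guarded = guarded;             // true = mimic a one-request-per-transport guard
    this.handled = 0;
    this.streamByRequestId = new Map(); // JSON-RPC id -> HTTP response stream
  }
  handleRequest(message, stream) {
    if (this.guarded && this.handled++ > 0) {
      throw new Error('transport already handled a request; create one per request');
    }
    // A second client using the same id silently replaces the first entry.
    this.streamByRequestId.set(message.id, stream);
  }
  send(id, result) {
    const stream = this.streamByRequestId.get(id);
    if (!stream) return false;          // no stream left for this id: response is dropped
    this.streamByRequestId.delete(id);
    stream.received.push(result);
    return true;
  }
}

// Two constructed clients; each starts its id counter at 0, so both send id 0.
function simulate(transportFor) {
  const alice = { received: [] };
  const bob = { received: [] };
  const tA = transportFor('alice');
  const tB = transportFor('bob');
  tA.handleRequest({ jsonrpc: '2.0', id: 0, method: 'tools/call' }, alice);
  tB.handleRequest({ jsonrpc: '2.0', id: 0, method: 'tools/call' }, bob);
  tA.send(0, 'result-for-alice');       // alice's handler finishes first
  tB.send(0, 'result-for-bob');
  return { alice: alice.received, bob: bob.received };
}

function sharedInstance() {
  const shared = new ToyTransport();
  return simulate(() => shared);
}
function perRequestInstances() {
  return simulate(() => new ToyTransport({ guarded: true }));
}
function guardedSharedInstance() {
  const shared = new ToyTransport({ guarded: true });
  try { simulate(() => shared); return 'no error'; } catch (e) { return e.message; }
}

console.log(sharedInstance(), perRequestInstances(), guardedSharedInstance());
```

With one shared instance the second client receives the first client's result and its own response is dropped; with per-request instances each client gets only its own result, and the guarded shared instance fails loudly on the second request.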
vercel bot commented Feb 4, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| hash | Ready | Preview, Comment | Feb 4, 2026 9:08pm |

3 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| hashdotdesign | Ignored | Preview | Feb 4, 2026 9:08pm |
| hashdotdesign-tokens | Ignored | Preview | Feb 4, 2026 9:08pm |
| petrinaut | Skipped | | Feb 4, 2026 9:08pm |

@vercel vercel bot temporarily deployed to Preview – petrinaut February 4, 2026 20:54 Inactive
cursor bot commented Feb 4, 2026

PR Summary

Low Risk
Dependency-only bump (plus lockfile updates) with no application logic changes; risk is mainly limited to potential runtime incompatibilities in the MCP servers due to upstream dependency changes.

Overview
Updates @modelcontextprotocol/sdk from 1.25.2 to 1.26.0 for the Linear and Notion MCP apps, pulling in upstream security fixes.

Regenerates yarn.lock accordingly, including transitive bumps (notably @hono/node-server, express, express-rate-limit, jose, and zod-to-json-schema) to match the new SDK dependency graph.

Written by Cursor Bugbot for commit a642b7a. This will update automatically on new commits. Configure here.

@github-actions github-actions bot added the area/deps (Relates to third-party dependencies) and area/apps labels Feb 4, 2026
augmentcode bot commented Feb 4, 2026

🤖 Augment PR Summary

Summary: Upgrade @modelcontextprotocol/sdk to v1.26.0 to incorporate the GHSA-345p-7cg4-v4c7 security fix.

Changes: Bumps the SDK version in the Linear and Notion MCP server workspaces.

Updates yarn.lock to match the new dependency graph.

Why: Prevents cross-client JSON-RPC response misrouting when servers/transports are incorrectly reused.

Technical note: v1.26.0 adds runtime guards that throw on multi-connect / multi-handle patterns.

No functional code changes included beyond dependency updates.

@augmentcode augmentcode bot left a comment

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.
