npm audit reports an issue #146

@nicola

npm audit report

@modelcontextprotocol/sdk  1.10.0 - 1.25.3
Severity: high
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse - https://github.com/advisories/GHSA-345p-7cg4-v4c7
fix available via `npm audit fix --force`
Will install mcp-handler@1.0.6, which is a breaking change
node_modules/@modelcontextprotocol/sdk
  mcp-handler  <=0.0.0-7a941a0f-20260220182431 || >=1.0.7
  Depends on vulnerable versions of @modelcontextprotocol/sdk
  node_modules/mcp-handler

2 high severity vulnerabilities

--

My understanding is that mcp-handler should upgrade to the latest modelcontextprotocol/sdk
