Security vulnerability in @modelcontextprotocol/sdk (CVE-2026-25536)

[mallesh-sourcefuse]

Summary
A security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2026-25536) has been identified in the modelcontextprotocol/sdk package version v1.24.0, which is currently included as a dependency in this repository.

Details
Security scanning has flagged modelcontextprotocol/sdk@1.24.0 as vulnerable. Since this dependency is locked in package-lock.json, projects depending on this repository may inherit the vulnerability.

Fixed Version is modelcontextprotocol/sdk@1.26.0

Impact
Exploitation of this vulnerability could potentially lead to security risks depending on how the affected component is used within the application.

[yeshamavani]

@mallesh-sourcefuse new version --> loopback4-mcp@1.0.2