What is JSON-RPC 2.0 in MCP?

JSON-RPC 2.0 is the wire format every MCP message uses, regardless of whether it travels over STDIO or Streamable HTTP. It’s a stateless, lightweight remote procedure call protocol where every message is a JSON object with a method name, parameters, and either an id (for requests and responses) or no id (for notifications). MCP picked JSON-RPC 2.0 because it’s simple, language-agnostic, and well-understood. Every MCP request like tools/list or tools/call, every response, and every notification like notifications/tools/list_changed follows the spec. Understanding JSON-RPC 2.0 matters for security because most schema-level attacks (parameter smuggling, oversized payloads, malformed responses) happen at this layer.

How JSON-RPC 2.0 Works in MCP

A request looks like { "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {…} }. The server processes it and replies with either a result or an error, matching the original id. Notifications drop the id field and don't expect a response, which MCP uses for events like listChanged. Both sides agree on the protocol version during the initialize handshake. JSON-RPC 2.0 also supports batching, though MCP rarely uses it. The format itself adds no authentication, encryption, or session management. Those controls live at the transport layer.

Why the JSON-RPC 2.0 Format Matters for MCP Security

Researchers analyzing the protocol (arXiv 2601.17549, MCP-38 taxonomy) found multiple protocol-level weaknesses in the JSON-RPC handshake itself. Capability negotiation lets servers declare more capabilities than the user expected, breaking least privilege. Malformed responses can crash poorly coded clients. Oversized batched requests open the door to denial of service. Method name collisions across servers create routing ambiguity that attackers can abuse. Treating JSON-RPC 2.0 as just plumbing misses the fact that the spec gives servers significant power over what the client trusts.

How to Secure the JSON-RPC 2.0 Layer

Validate every incoming message against a strict schema. Reject unknown method names, oversized payloads, and malformed JSON. Bind every response id to the original request to stop response injection. Log every JSON-RPC method call with full parameters for forensic visibility. Apply timeouts on every request so a stalled server can’t tie up clients indefinitely. The Certified MCP Security Expert (CMCPSE) course goes deep on JSON-RPC 2.0 security patterns specific to MCP.
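As an added example (not code from this page or from the CMCPSE course), here is a small Python guard for an MCP client that applies the checks above: a size cap, strict JSON parsing, batch rejection, a method allow-list, params-must-be-an-object, and binding of every response id to an outstanding request. MAX_BYTES and ALLOWED_METHODS are assumed values chosen for illustration, not numbers the spec mandates.

```python
import json

MAX_BYTES = 64 * 1024  # payload cap, an assumed value; tune per deployment
# Allow-list of methods this client handles (an assumed subset of MCP methods)
ALLOWED_METHODS = {"initialize", "tools/list", "tools/call",
                   "notifications/initialized", "notifications/tools/list_changed"}

class ProtocolError(ValueError):
    """Raised for any message that fails the schema or id-binding checks."""

def _valid_id(value) -> bool:  # MCP ids are strings or integers; bool is an int subclass, so exclude it
    return isinstance(value, (str, int)) and not isinstance(value, bool)

class JsonRpcGuard:
    """Strict JSON-RPC 2.0 gate for an MCP client: schema checks plus request/response id binding."""
    def __init__(self):
        self.pending = set()  # ids of requests we sent and have not yet seen answered

    def send_request(self, msg: dict) -> None:
        self.pending.add(msg["id"])  # only a response carrying this id will be accepted

    def accept(self, raw: bytes) -> dict:
        """Parse and validate one inbound message; raise ProtocolError on any violation."""
        if len(raw) > MAX_BYTES:
            raise ProtocolError("payload exceeds size cap")
        try:
            msg = json.loads(raw)
        except ValueError as exc:  # JSONDecodeError and bad UTF-8 are both ValueErrors
            raise ProtocolError(f"malformed JSON: {exc}") from exc
        if isinstance(msg, list):  # batch: reject outright rather than fan out (DoS surface)
            raise ProtocolError("batch requests are not accepted")
        if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
            raise ProtocolError("not a JSON-RPC 2.0 object")
        if "method" in msg:  # request or notification from the peer
            method = msg["method"]
            if not isinstance(method, str) or method not in ALLOWED_METHODS:
                raise ProtocolError(f"unknown method {method!r}")
            if not isinstance(msg.get("params", {}), dict):
                raise ProtocolError("params must be an object")
            if "id" in msg and not _valid_id(msg["id"]):
                raise ProtocolError("request id must be a string or integer")
            return msg
        if ("result" in msg) == ("error" in msg):  # a response carries exactly one of the two
            raise ProtocolError("response must carry exactly one of result or error")
        if not _valid_id(rid := msg.get("id")) or rid not in self.pending:
            raise ProtocolError(f"response id {rid!r} does not match a pending request")
        self.pending.discard(rid)  # each id is consumed once, so a replayed response is refused
        return msg
```

Wire this in front of the transport's message handler and log each ProtocolError with the offending method and id; the rejects are the forensic trail the text asks for.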

Summary

JSON-RPC 2.0 is the message format that carries every MCP request, response, and notification. The format is simple, but recent research shows protocol-level weaknesses that turn careless implementations into easy targets. The Certified MCP Security Expert (CMCPSE) certification teaches the JSON-RPC validation patterns that close these gaps in production MCP servers and clients.