JSON-RPC 2.0 is the wire format every MCP message uses, regardless of whether it travels over STDIO or Streamable HTTP. It’s a stateless, lightweight remote procedure call protocol where every message is a JSON object with a method name, parameters, and either an id (for requests and responses) or no id (for notifications). MCP picked JSON-RPC 2.0 because it’s simple, language-agnostic, and well-understood. Every MCP request like tools/list or tools/call, every response, and every notification like notifications/tools/list_changed follows the spec. Understanding JSON-RPC 2.0 matters for security because most schema-level attacks (parameter smuggling, oversized payloads, malformed responses) happen at this layer.
How JSON-RPC 2.0 Works in MCP
A request looks like: { "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {…} }. The server processes it and replies with either a result or an error, matching the original id. Notifications drop the id field and don’t expect a response, which MCP uses for events like listChanged. Both sides agree on the protocol version during the initialize handshake. JSON-RPC 2.0 also supports batching, though MCP rarely uses it. The format itself adds no authentication, encryption, or session management; those controls live at the transport layer.
Why the JSON-RPC 2.0 Format Matters for MCP Security
Researchers analyzing the protocol (arXiv 2601.17549, MCP-38 taxonomy) found multiple protocol-level weaknesses in the JSON-RPC handshake itself. Capability negotiation lets servers declare more capabilities than the user expected, breaking least privilege. Malformed responses can crash poorly coded clients. Oversized batched requests open the door to denial of service. Method name collisions across servers create routing ambiguity that attackers can abuse. Treating JSON-RPC 2.0 as just plumbing misses the fact that the spec gives servers significant power over what the client trusts.
How to Secure the JSON-RPC 2.0 Layer
Validate every incoming message against a strict schema. Reject unknown method names, oversized payloads, and malformed JSON. Bind every response id to the original request to stop response injection. Log every JSON-RPC method call with full parameters for forensic visibility. Apply timeouts on every request, so a stalled server can’t tie up clients indefinitely. The Certified MCP Security Expert (CMCPSE) course goes deep on JSON-RPC 2.0 security patterns specific to MCP.
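The validation and id-binding checks above, sketched in Python as an added example (not code from the MCP specification or any SDK). The size cap, the method allowlist, the int-or-string id rule, and the names check_request and PendingRequests are assumptions chosen for illustration; logging and timeouts are left to the caller.

```python
import json
MAX_BYTES = 64 * 1024  # assumed cap; tune per deployment
ALLOWED_METHODS = {"initialize", "tools/list", "tools/call",
                   "notifications/tools/list_changed"}  # assumed allowlist

class RpcError(ValueError): pass  # raised for any message that must be rejected
def _valid_id(value) -> bool:
    return isinstance(value, (int, str)) and not isinstance(value, bool)  # bool is an int subclass

def parse_message(raw: bytes) -> dict:
    """Size-check and parse one JSON-RPC 2.0 object (batches are refused)."""
    if len(raw) > MAX_BYTES:
        raise RpcError("oversized payload")
    try:
        msg = json.loads(raw)
    except (ValueError, RecursionError) as exc:
        raise RpcError("malformed JSON") from exc
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        raise RpcError("not a single JSON-RPC 2.0 object")
    return msg

def check_request(raw: bytes) -> dict:
    """Receiver side: validate a request or notification before dispatch."""
    msg = parse_message(raw)
    if set(msg) - {"jsonrpc", "id", "method", "params"}:
        raise RpcError("unexpected top-level member")
    method = msg.get("method")
    if not isinstance(method, str) or method not in ALLOWED_METHODS:
        raise RpcError("unknown method")
    if "id" in msg and not _valid_id(msg["id"]):
        raise RpcError("bad id")
    if not isinstance(msg.get("params", {}), (dict, list)):
        raise RpcError("params must be an object or array")
    return msg

class PendingRequests:
    """Sender side: accept a response only for an id that is outstanding."""
    def __init__(self):
        self._pending = {}
    def sent(self, req_id, method: str) -> None:
        self._pending[req_id] = method
    def check_response(self, raw: bytes) -> str:
        msg = parse_message(raw)
        if ("result" in msg) == ("error" in msg):
            raise RpcError("need exactly one of result or error")
        rid = msg.get("id")
        if not _valid_id(rid) or rid not in self._pending:
            raise RpcError("response id matches no outstanding request")
        return self._pending.pop(rid)  # one-shot: a replayed response is rejected
```

check_response returns the method the id was issued for, so the caller can validate the result against that method's expected schema.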
Summary
JSON-RPC 2.0 is the message format that carries every MCP request, response, and notification. The format is simple, but recent research shows protocol-level weaknesses that turn careless implementations into easy targets. The Certified MCP Security Expert (CMCPSE) certification teaches the JSON-RPC validation patterns that close these gaps in production MCP servers and clients.
