bug-bounty527
xss288
rce154
google119
account-takeover118
bragging-post118
exploit96
open-source94
privilege-escalation94
facebook90
authentication-bypass89
csrf87
microsoft81
stored-xss75
cve73
malware71
access-control69
ai-agents66
web-security65
reflected-xss63
writeup56
phishing51
input-validation51
ssrf51
sql-injection50
smart-contract49
cross-site-scripting48
defi48
privacy47
tool47
information-disclosure47
ethereum45
api-security45
apple41
reverse-engineering41
web-application40
cloudflare40
vulnerability-disclosure39
dos38
llm37
burp-suite37
opinion36
automation36
web335
responsible-disclosure35
oauth35
browser34
ai-security34
lfi33
idor33
0
7/10
A comprehensive analysis of 30+ CVEs discovered in the Model Context Protocol ecosystem over 60 days (January–February 2026), covering attack patterns, root causes, and defense strategies. Vulnerabilities ranged from command injection (43% of CVEs) and path traversal (82% of scanned implementations) to prompt injection and supply chain attacks, with analysis of specific real-world incidents including mcp-remote's CVSS 9.6 RCE affecting 437,000+ downloads.
mcp
model-context-protocol
command-injection
path-traversal
prompt-injection
tool-poisoning
remote-code-execution
authentication-bypass
sandbox-escape
supply-chain-attack
cross-tenant-exposure
ssrf
code-injection
ai-security
input-validation
vulnerability-analysis
defense-checklist
ai-agent-security
CVE-2025-49596
CVE-2025-6514
CVE-2025-54136
MCP Inspector
mcp-remote
Cursor IDE
Claude Code
Anthropic
Filesystem MCP Server
GitHub MCP Server
WhatsApp MCP Server
Asana MCP Server
Postmark MCP
Smithery
OWASP Agentic Top 10
Invariant Labs
Adversa AI SecureClaw