bug-bounty521
xss284
rce145
bragging-post118
google112
account-takeover110
open-source94
exploit90
authentication-bypass89
privilege-escalation88
csrf86
facebook80
microsoft78
stored-xss75
malware69
access-control68
cve68
web-security65
ai-agents64
reflected-xss63
writeup55
input-validation51
ssrf51
phishing50
smart-contract49
sql-injection49
defi48
cross-site-scripting48
tool47
privacy47
information-disclosure46
api-security45
ethereum45
web-application40
cloudflare40
vulnerability-disclosure39
apple38
reverse-engineering37
llm37
burp-suite37
opinion36
automation36
oauth35
dos35
web335
responsible-disclosure35
idor33
html-injection33
smart-contract-vulnerability33
lfi33
0
7/10
A comprehensive analysis of 30+ CVEs discovered in the Model Context Protocol ecosystem over 60 days (January–February 2026), covering attack patterns, root causes, and defense strategies. Vulnerabilities ranged from command injection (43% of CVEs) and path traversal (82% of scanned implementations) to prompt injection and supply chain attacks, with analysis of specific real-world incidents including mcp-remote's CVSS 9.6 RCE affecting 437,000+ downloads.
mcp
model-context-protocol
command-injection
path-traversal
prompt-injection
tool-poisoning
remote-code-execution
authentication-bypass
sandbox-escape
supply-chain-attack
cross-tenant-exposure
ssrf
code-injection
ai-security
input-validation
vulnerability-analysis
defense-checklist
ai-agent-security
CVE-2025-49596
CVE-2025-6514
CVE-2025-54136
MCP Inspector
mcp-remote
Cursor IDE
Claude Code
Anthropic
Filesystem MCP Server
GitHub MCP Server
WhatsApp MCP Server
Asana MCP Server
Postmark MCP
Smithery
OWASP Agentic Top 10
Invariant Labs
Adversa AI SecureClaw