426 matches found
Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...
sec-recon-agent
sec-recon-agent Type-safe security triage built on Pydantic A...
PT-2026-41691
Name of the Vulnerable Software and Affected Versions mcp-security versions prior to 0.1.9 Description The mcp-security framework fails to implement mandatory Server-Side Request Forgery SSRF mitigations—a flaw where an attacker can induce the server to make requests to an unintended location—as...
ADR: An Agentic Detection System for Enterprise Agentic AI Security
We present the Agentic AI Detection and Response ADR system, the first large-scale, production-proven enterprise framework for securing AI agents operating through the Model Context Protocol MCP. We identify three persistent challenges in this domain: 1 limited observability -- existing Endpoint...
CVE-2026-42559
A flaw was found in rmcp, the official Rust SDK for the Model Context Protocol. The Streamable HTTP server transport in rmcp failed to validate the incoming Host header, enabling a malicious public website to exploit this through a DNS rebinding attack. This allows the attacker to send...
Insertion of Sensitive Information into Log File
Overview dbt-mcp is an A MCP Model Context Protocol server for interacting with dbt resources. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the calltool process when file logging is enabled via the DBTMCPSERVERFILELOGGING setting. An...
CVE-2026-42559
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
CVE-2026-42559 RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
CVE-2026-42559
The RMCP Streamable HTTP server transport in the rmcp crate failed to validate the Host header prior to version 1.4.0, enabling a DNS rebinding attack that could cause authenticated requests to reach a victim’s local MCP server. Impact could include enumeration, reading state, and triggering side...
EUVD-2026-30292
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
MCP Registry 安全漏洞
MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.9 contained security vulnerabilities. These vulnerabilities stemmed from OCI ownership verification skipping tag matching checks during HTTP 429 requests, which...
Extending Security to MCP Servers: Closing a Critical Gap
The Model Context Protocol MCP is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the...
CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation
Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...
CVE-2026-44336
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
EUVD-2026-28639
PraisonAI MCP tools/call path-traversal = RCE via Python .pth injection...
Command Injection
Overview @profullstack/mcp-server is an A generic, modular server for implementing the Model Context Protocol MCP Affected versions of this package are vulnerable to Command Injection via the domainlookup process. An attacker can execute arbitrary operating system commands with the privileges of...
CVE-2026-44336
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
n8n-MCP 安全漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. It serves as a connection between AI assistants and automated workflow platforms. Versions of n8n-MCP from 2.18.7 to 2.50.2 contained security vulnerabilities. These vulnerabilities were caused b...
PT-2026-39003
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...