Sources
OX Security Discloses Systemic RCE at the Core of MCP as Ecosystem Scans Find Tens of Thousands of Unauthenticated Servers
On June 16 OX Security disclosed a systemic vulnerability in core Model Context Protocol implementations enabling arbitrary command execution, exposing API keys, internal databases, and chat histories on any vulnerable MCP host. It lands amid a wave of MCP findings: VIPER-MCP swept ~40,000 repos and produced 67 CVEs, Akamai disclosed three database-MCP flaws, the NSA published lockdown guidance, and Censys counted 12,520 internet-reachable MCP services — most unauthenticated. Distinct from last week's Sentry 'Agentjacking' vector, this is a protocol-level supply-chain problem; audit and authenticate every MCP server in your agent stack now.
Source
↳ Follow the thread
No related signals yet.