Skills
MCPwned: 30 CVEs in 60 Days — RCE Chain Enables Full Cloud Environment Compromise
Token Security researcher Ariel Simon will present MCPwned at RSAC 2026, demonstrating a remote code execution chain in Microsoft's Azure MCP server that can compromise entire cloud environments. The broader research catalogued 30 CVEs across MCP implementations within 60 days, establishing MCP as the fastest-growing attack surface in AI infrastructure. Senior developers building MCP-backed agents must treat every tool parameter as an untrusted injection surface and mandate authentication on all MCP server endpoints.
↳ Follow the thread