Token Security 'MCPwned': Azure MCP RCE Chains to Full Azure Tenant Takeover — RSAC 2026
GlobeNewswire / Yahoo Finance·high signal
Token Security researcher Ariel Simon will demo 'MCPwned' at RSAC 2026, showing a full attack chain from an RCE flaw in Microsoft's Azure MCP server to credential harvesting and complete Azure tenant compromise. The research announced March 17 extends beyond CVE-2026-26118 (CVSS 8.8 SSRF, patched in Patch Tuesday) by demonstrating post-exploit escalation paths that the original advisory did not surface. Session targets teams deploying or building MCP servers and includes practical mitigations.