Vibe Coding
5,618 MCP Server Scan: 90% Unverified, 36.7% SSRF-Exposed, 37% Require Zero Auth
A systematic scan of 5,618 public MCP servers found only 143 (2.5%) scored green; 5,067 (90%) flagged yellow for stale dependencies or insufficient metadata. Among servers accepting external URLs, 36.7% expose SSRF vectors; in 539 active production endpoints, 201 (37.4%) require no authentication. Specific vulnerable dependencies include FAISS (arbitrary file read/write via crafted index files), TorchServe (RCE via SnakeYAML), and Ollama (stored SSRF via inadequate URL validation).
Source
↳ Follow the thread