Agents
MCP Security 2026: 30 CVEs in 60 Days — 43% Shell Injection, WhatsApp MCP Exfiltrates Full Chat History via Tool Poisoning
Between January and February 2026, researchers filed 30+ CVEs targeting MCP infrastructure: 43% exec/shell injection from unsanitized user input, 20% tooling infrastructure flaws, 13% authentication bypass — one package with 500K downloads carried a CVSS 9.6 RCE. The WhatsApp MCP server was documented exfiltrating entire chat histories via tool poisoning, where malicious tool descriptions trick agents into executing unintended operations they cannot distinguish from legitimate ones. Volume and severity confirm MCP as the primary new attack surface in the AI infrastructure stack.
↳ Follow the thread