Skills
OWASP MCP Top 10: First Standardized Security Checklist for MCP Deployments — 30+ CVEs Filed Against MCP Infrastructure in Jan-Feb 2026
OWASP published the MCP Top 10 covering token mismanagement, shadow MCP servers, context over-sharing, supply chain attacks, command injection, and insufficient auth. Between January and February 2026, researchers filed 30+ CVEs targeting MCP servers — not exotic zero-days but basic security failures like hardcoded credentials and missing input validation. The checklist is a living document with concrete remediation steps for each vulnerability class.
↳ Follow the thread