Skills
PipeLab 'State of MCP Security 2026': First Systematic Incident Catalog Mapped Against OWASP MCP Top 10
PipeLab published the first comprehensive incident-by-incident mapping of MCP security events (April 2025 through early 2026) against the OWASP MCP Top 10 (beta). Key findings: mcp-remote library (500K+ downloads) had CVSS 9.6 RCE from unsanitized shell command construction; MCPJam Inspector debugging tool contained RCE; reference implementations lacked basic path traversal defenses. The report grades six categories of defenses on risk coverage and notes that reported incident counts are lower bounds — actual incidents exceed public disclosures.
Source
↳ Follow the thread