Tip: Audit All MCP Server Inputs Yourself — The Protocol Delegates All Sanitization to You
SecurityWeek·medium signal
With CVEs now confirmed across Cursor, Windsurf, LibreChat, and MCP Inspector — all stemming from the same unsanitized-input design choice — treat every MCP tool_call parameter as untrusted user input. Validate and sanitize inputs in your MCP server handler before passing them to shell commands, database queries, or file operations. Anthropic has explicitly declined to add sanitization to the protocol specification itself.