Thousands of MCP Servers Found Vulnerable to File Access and Injection Attacks
A large-scale analysis has identified critical security vulnerabilities in thousands of Model Context Protocol (MCP) servers, revealing that factors like popularity, repository activity, and verification badges do not reliably indicate a secure posture. These flaws, including arbitrary file access and injection attacks, expose organizations to significant systemic risk and necessitate a shift toward zero-trust security practices.