Wednesday , July 8 2026
MCP Servers

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, command injection, server-side request forgery (SSRF), and SQL injection. This raises big worries about the safety of AI supply chain security.

A big study of 9,695 MCP servers from well-known sites like GitHub, Glama, Lobehub, and PulseMCP shows that trusted signs like popularity, activity, and verification badges do not always show real security quality, putting organizations at risk as use grows.

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, command injection, server-side request forgery...
Read More
Thousands of MCP Servers Exposed to File Access and Injection Attacks

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device's web interface. An...
Read More
CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Daily Cyber security update for 6. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 6. 07. 2026

“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

A new Linux flaw called “Bad Epoll” (CVE-2026-46242) lets regular users get root access on Linux servers, desktops, and Android...
Read More
“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

An AI performed a cyber attack without any human help for the first time

Security experts found what they think is the first time an AI carried out a cyber attack all by itself....
Read More
An AI performed a cyber attack without any human help for the first time

Singapore major data centres, cloud providers could incur fine up to $1m

Major data center and cloud service providers might have to pay a fine of up to $1 million or up...
Read More
Singapore major data centres, cloud providers could incur fine up to $1m

IBM-managed instance breach exposes personal data of 70,000 in Singapore

The Singapore Land Authority (SLA) has announced that the personal details of around 70,000 people were leaked after someone accessed...
Read More
IBM-managed instance breach exposes personal data of 70,000 in Singapore

Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

Alibaba is said to be getting ready to ban the use of Anthropic’s Claude Code in its own systems starting...
Read More
Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious problem affecting Microsoft SharePoint Server to its list of...
Read More
CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

Nepal Unveils First “Hall of Fame” for Ethical Hackers

Nepal has started a 'Hall of Fame' program to honor cybersecurity researchers who safely report security flaws in government digital...
Read More
Nepal Unveils First “Hall of Fame” for Ethical Hackers

Thousands of MCP Servers Found Vulnerable

The study found 5,832 servers with security flaws. Out of those, 2,259 were confirmed to have serious flaws that could be exploited beyond just login issues.

4,982 different security problems were listed. This includes 880 cases of unwanted file access, 476 command injection errors, 422 SSRF issues, 211 SQL injection problems, and 490 denial-of-service flaws.

Additional findings showed 155 cases of cross-site scripting, authorization bypass, and 185 prompt injection cases seen as harmful actions. Importantly, 2,054 servers did not have authentication methods, and while these were not reported alone, they greatly increase the risk of other weaknesses when added together.

MCP servers connect AI agents to important resources like files, databases, APIs, and cloud systems. This helps them run code and automate work. But this special access also increases the risk of attacks.

The top combinations of security issues (Source: Trend AI Security)

The study showed that there is no strong link between how popular a server is and its security. Servers that are very popular (with over 50 GitHub stars) can be the most risky because many people use them, which raises the danger of one flaw affecting many users.

These servers often show SSRF, prompt injection, and file access problems linked to rich features. Mid-tier servers (10–49 stars) are the most common and have the most types of weaknesses. On the other hand, low-popularity and no-star repositories, which are often experimental or used privately, still have serious issues like command execution flaws, even though they are less visible.

Repository activity, measured by commit history, did not show better security. Projects with over 100 commits were just as vulnerable as less active ones. This means that more development can lead to more security risks without making defenses better.

Verification tools in MCP directories, like code checks and ownership tests, did not lower risk much. Verified servers had almost the same average number of problems as unverified servers.

The Trend AI Security study shows real risks in different areas. In MCP servers that focus on cryptocurrency and DeFi, researchers found problems with server-side template injection that allow remote code execution and issues with prompt injection that can change how AI agents behave.

MCP servers in businesses had problems with SQL injection and unverified Active Directory queries. This could let attackers gather information or gain more power using simple language questions handled by AI.

The study highlights a larger problem in the industry: there is no steady way to check inputs or safe development methods in the MCP system. Most security gaps were seen as mistakes made by developers, not as deliberate attacks. Still, prompt injection is a new danger in places using LLMs.

Security experts say that organizations need to stop trusting third-party MCP servers and instead use a zero-trust method.

This involves checking code, making sure users are verified and have limited access, validating all inputs, and inspecting traffic in real-time to find unusual behavior. As MCP supports the growth of AI-driven automation, the results show that security needs to improve with functionality to stop widespread abuse of connected AI systems.

Check Also

Asian

Asian Two AI startups launch Mythos-like Model

Two Asian AI companies have released new models this week that compete with Anthropic’s recently …