Critical Vulnerabilities Found in Popular MCP Servers
SecurityVulnerabilitiesMCPAPICybersecurityGitHubRemoteCodeExecutionServerSideRequestForgeryPromptInjectionCommandInjectionAuthenticationDirectoryTraversalWebsocketHijackingCredentialTheft
A security assessment of six popular MCP (Multi-Tool Chain Platform) server projects—totaling over 70,000 GitHub stars—revealed critical vulnerabilities, including unauthenticated API access, remote code execution (RCE), server-side request forgery (SSRF), prompt injection, and command injection. One project allowed a single POST request to decrypt and return all stored API keys in plaintext, while others exposed hardcoded security bypasses, unsanitized code execution, and weak authentication mechanisms. Most tested servers lacked authentication entirely, with vulnerabilities confirmed in unmodified, published packages. The findings included directory traversal, websocket hijacking, and credential theft via environment variables.