mcp-cve-project

Security Audit
Warning
Health: Warning
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code: Warning
  • Code scan incomplete — No supported source files were scanned during light audit
Permissions: Passed
  • Permissions — No dangerous permissions requested

There is no AI report for this listing yet.

SUMMARY

The project collects all available information on published MCP-related CVEs.

README.md

MCP-related CVE reference

This repository is a curated index of publicly disclosed Common Vulnerabilities and Exposures (CVEs) that touch the Model Context Protocol (MCP) ecosystem: official and third-party servers, SDKs, gateways, clients, and integrations where MCP is part of the attack surface or fix scope. Each linked note under cves/ summarizes the affected component, weakness class, and pointers for defenders and maintainers.

Coverage: 146 indexed CVEs (listed below, newest first by disclosure-related date).

OWASP Top 10 (2021) mapping

Indexed CVEs are mapped to the primary OWASP Top 10 — 2021 category that best matches each weakness (using NVD/CWE where available, otherwise the index summary). A CVE may relate to more than one category; only the primary mapping is shown in the tables below.

| OWASP Category | Count |
|---|---|
| A01 Broken Access Control | 28 |
| A02 Cryptographic Failures | 7 |
| A03 Injection | 64 |
| A04 Insecure Design | 5 |
| A05 Security Misconfiguration | 12 |
| A07 Identification and Authentication Failures | 9 |
| A08 Software and Data Integrity Failures | 6 |
| A09 Security Logging and Monitoring Failures | 2 |
| A10 SSRF | 13 |

Category guide: A01 — access control and path/isolation bypasses; A02 — sensitive data exposure; A03 — injection (command/SQL/XSS); A04 — design/protocol flaws (e.g. DoS); A05 — misconfiguration (DNS rebinding, CORS, unsafe defaults); A07 — authentication/OAuth/session; A08 — untrusted config/stdio and supply-chain integrity; A09 — sensitive data in logs; A10 — SSRF.

Note: A06 (Vulnerable and Outdated Components) is not assigned per CVE — it reflects dependency/version risk, not a single weakness instance.

CVE Breakdown

2026

| S.No | Date | CVE | OWASP MCP Top 10 (2025) | OWASP Top 10 (2021) | Affected product |
|---|---|---|---|---|---|
| 1 | 2026-05-12 | CVE-2026-5029 | MCP07 — Insufficient Authentication & Authorization | A07 — Identification and Authentication Failures | |
| 2 | 2026-05-12 | CVE-2026-43992 | MCP01 — Token Mismanagement & Secret Exposure | A02 — Cryptographic Failures | |
| 3 | 2026-05-12 | CVE-2026-42260 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 4 | 2026-05-12 | CVE-2026-45781 | MCP02 — Privilege Escalation via Scope Creep | A05 — Security Misconfiguration | |
| 5 | 2026-05-11 | CVE-2026-45001 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A01 — Broken Access Control | |
| 6 | 2026-05-11 | CVE-2026-44998 | MCP03 — Tool Poisoning | A01 — Broken Access Control | |
| 7 | 2026-05-11 | CVE-2026-44995 | MCP05 — Command Injection & Execution | A08 — Software and Data Integrity Failures | |
| 8 | 2026-05-11 | CVE-2026-43901 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 9 | 2026-05-11 | CVE-2026-44427 | MCP07 — Insufficient Authentication & Authorization | A01 — Broken Access Control | |
| 10 | 2026-05-11 | CVE-2026-44428 | MCP07 — Insufficient Authentication & Authorization | A07 — Identification and Authentication Failures | |
| 11 | 2026-05-11 | CVE-2026-44429 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 12 | 2026-05-11 | CVE-2026-44430 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 13 | 2026-05-10 | CVE-2026-7738 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 14 | 2026-05-09 | CVE-2026-7715 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 15 | 2026-05-09 | CVE-2026-7728 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 16 | 2026-05-09 | CVE-2026-7729 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 17 | 2026-05-08 | CVE-2026-44694 | MCP01 — Token Mismanagement & Secret Exposure | A10 — SSRF | |
| 18 | 2026-05-08 | CVE-2026-42282 | MCP08 — Lack of Audit and Telemetry | A09 — Security Logging and Monitoring Failures | |
| 19 | 2026-05-08 | CVE-2026-41495 | MCP08 — Lack of Audit and Telemetry | A09 — Security Logging and Monitoring Failures | |
| 20 | 2026-05-08 | CVE-2026-7627 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 21 | 2026-05-08 | CVE-2026-7628 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 22 | 2026-05-08 | CVE-2026-7653 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 23 | 2026-05-07 | CVE-2026-42449 | MCP01 — Token Mismanagement & Secret Exposure | A10 — SSRF | |
| 24 | 2026-05-07 | CVE-2026-7593 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 25 | 2026-05-07 | CVE-2026-7594 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 26 | 2026-05-07 | CVE-2026-7599 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 27 | 2026-05-07 | CVE-2026-7600 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 28 | 2026-05-06 | CVE-2026-7443 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 29 | 2026-05-06 | CVE-2026-7446 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 30 | 2026-05-05 | CVE-2026-35228 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A03 — Injection | |
| 31 | 2026-05-05 | CVE-2026-7386 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 32 | 2026-05-04 | CVE-2026-7730 | MCP01 — Token Mismanagement & Secret Exposure | A03 — Injection | |
| 33 | 2026-05-04 | CVE-2026-42236 | MCP07 — Insufficient Authentication & Authorization | A04 — Insecure Design | |
| 34 | 2026-05-04 | CVE-2026-42230 | MCP07 — Insufficient Authentication & Authorization | A01 — Broken Access Control | |
| 35 | 2026-05-02 | CVE-2026-7272 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 36 | 2026-05-01 | CVE-2026-7591 | MCP01 — Token Mismanagement & Secret Exposure | A03 — Injection | |
| 37 | 2026-05-01 | CVE-2026-7237 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 38 | 2026-04-30 | CVE-2026-7205 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 39 | 2026-04-29 | CVE-2026-7061 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 40 | 2026-04-23 | CVE-2026-40933 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A03 — Injection | |
| 41 | 2026-04-23 | CVE-2026-30623 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 42 | 2026-04-23 | CVE-2026-6599 | MCP05 — Command Injection & Execution | A05 — Security Misconfiguration | |
| 43 | 2026-04-20 | CVE-2025-66335 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 44 | 2026-04-16 | CVE-2026-39313 | MCP05 — Command Injection & Execution | A04 — Insecure Design | |
| 45 | 2026-04-15 | CVE-2026-33224 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 46 | 2026-04-15 | CVE-2026-30625 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 47 | 2026-04-15 | CVE-2026-30624 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 48 | 2026-04-15 | CVE-2026-30618 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 49 | 2026-04-15 | CVE-2026-30617 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 50 | 2026-04-15 | CVE-2026-30616 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 51 | 2026-04-15 | CVE-2026-30615 | MCP06 — Prompt Injection via Contextual Payloads | A03 — Injection | |
| 52 | 2026-04-15 | CVE-2026-26015 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 53 | 2026-04-15 | CVE-2026-22688 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 54 | 2026-04-15 | CVE-2026-22252 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 55 | 2026-04-14 | CVE-2026-39884 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 56 | 2026-04-13 | CVE-2026-27826 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 57 | 2026-04-12 | CVE-2026-40576 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 58 | 2026-04-11 | CVE-2026-5833 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 59 | 2026-04-10 | CVE-2026-5059 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 60 | 2026-04-10 | CVE-2026-5058 | MCP07 — Insufficient Authentication & Authorization | A03 — Injection | |
| 61 | 2026-04-10 | CVE-2026-40159 | MCP01 — Token Mismanagement & Secret Exposure | A02 — Cryptographic Failures | |
| 62 | 2026-04-09 | CVE-2026-39974 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 63 | 2026-04-08 | CVE-2026-39885 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 64 | 2026-04-07 | CVE-2026-35568 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 65 | 2026-04-07 | CVE-2026-34200 | MCP07 — Insufficient Authentication & Authorization | A07 — Identification and Authentication Failures | |
| 66 | 2026-04-07 | CVE-2026-35402 | MCP02 — Privilege Escalation via Scope Creep | A10 — SSRF | |
| 67 | 2026-04-03 | CVE-2026-27124 | MCP07 — Insufficient Authentication & Authorization | A01 — Broken Access Control | |
| 68 | 2026-04-02 | CVE-2026-34742 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 69 | 2026-04-02 | CVE-2026-32871 | MCP02 — Privilege Escalation via Scope Creep | A10 — SSRF | |
| 70 | 2026-04-02 | CVE-2026-5323 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 71 | 2026-03-31 | CVE-2026-34237 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 72 | 2026-03-30 | CVE-2026-33032 | MCP05 — Command Injection & Execution | A07 — Identification and Authentication Failures | |
| 73 | 2026-03-29 | CVE-2026-5023 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 74 | 2026-03-28 | CVE-2026-5007 | MCP02 — Privilege Escalation via Scope Creep | A03 — Injection | |
| 75 | 2026-03-27 | CVE-2026-33980 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 76 | 2026-03-27 | CVE-2026-33946 | MCP01 — Token Mismanagement & Secret Exposure | A07 — Identification and Authentication Failures | |
| 77 | 2026-03-27 | CVE-2026-31951 | MCP01 — Token Mismanagement & Secret Exposure | A02 — Cryptographic Failures | |
| 78 | 2026-03-27 | CVE-2026-33989 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 79 | 2026-03-23 | CVE-2026-33252 | MCP07 — Insufficient Authentication & Authorization | A01 — Broken Access Control | |
| 80 | 2026-03-20 | CVE-2026-4496 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 81 | 2026-03-16 | CVE-2026-4270 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 82 | 2026-03-16 | CVE-2026-4198 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 83 | 2026-03-13 | CVE-2026-31944 | MCP07 — Insufficient Authentication & Authorization | A07 — Identification and Authentication Failures | |
| 84 | 2026-03-13 | CVE-2026-26118 | MCP05 — Command Injection & Execution | A10 — SSRF | |
| 85 | 2026-03-13 | CVE-2026-30861 | MCP09 — Shadow MCP Servers | A08 — Software and Data Integrity Failures | |
| 86 | 2026-03-10 | CVE-2026-27825 | MCP05 — Command Injection & Execution | A01 — Broken Access Control | |
| 87 | 2026-02-26 | CVE-2026-27896 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A04 — Insecure Design | |
| 88 | 2026-02-25 | CVE-2026-27735 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 89 | 2026-02-18 | CVE-2026-25546 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 90 | 2026-02-08 | CVE-2026-2178 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 91 | 2026-02-06 | CVE-2026-25650 | MCP01 — Token Mismanagement & Secret Exposure | A02 — Cryptographic Failures | |
| 92 | 2026-02-04 | CVE-2026-25536 | MCP10 — Context Injection & Over-Sharing | A01 — Broken Access Control | |
| 93 | 2026-01-22 | CVE-2026-0756 | MCP07 — Insufficient Authentication & Authorization | A03 — Injection | |
| 94 | 2026-01-21 | CVE-2026-22792 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 95 | 2026-01-21 | CVE-2026-21852 | MCP01 — Token Mismanagement & Secret Exposure | A02 — Cryptographic Failures | |
| 96 | 2026-01-16 | CVE-2026-23744 | MCP09 — Shadow MCP Servers | A07 — Identification and Authentication Failures | |
| 97 | 2026-01-12 | CVE-2025-66689 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 98 | 2026-01-09 | CVE-2026-0755 | MCP06 — Prompt Injection via Contextual Payloads | A03 — Injection | |
| 99 | 2026-01-07 | CVE-2025-9611 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 100 | 2026-01-07 | CVE-2025-67366 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 101 | 2026-01-05 | CVE-2026-0621 | MCP05 — Command Injection & Execution | A04 — Insecure Design | |

2025

| S.No | Date | CVE | OWASP MCP Top 10 (2025) | OWASP Top 10 (2021) | Affected product |
|---|---|---|---|---|---|
| 1 | 2026-05-12 | CVE-2025-69443 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 2 | 2026-05-12 | CVE-2025-65719 | MCP01 — Token Mismanagement & Secret Exposure | A03 — Injection | |
| 3 | 2026-04-15 | CVE-2025-65720 | MCP09 — Shadow MCP Servers | A03 — Injection | |
| 4 | 2025-12-30 | CVE-2025-69256 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 5 | 2025-12-17 | CVE-2025-68145 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 6 | 2025-12-17 | CVE-2025-68144 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 7 | 2025-12-17 | CVE-2025-68143 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 8 | 2025-12-09 | CVE-2025-65513 | MCP01 — Token Mismanagement & Secret Exposure | A10 — SSRF | |
| 9 | 2025-12-03 | CVE-2025-66404 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 10 | 2025-12-03 | CVE-2025-64443 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 11 | 2025-12-03 | CVE-2025-20381 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 12 | 2025-12-02 | CVE-2025-66416 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 13 | 2025-12-02 | CVE-2025-66414 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 14 | 2025-12-01 | CVE-2025-66401 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 15 | 2025-11-18 | CVE-2025-63604 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 16 | 2025-11-18 | CVE-2025-63603 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 17 | 2025-11-18 | CVE-2025-59944 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A08 — Software and Data Integrity Failures | |
| 18 | 2025-11-15 | CVE-2025-61260 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A03 — Injection | |
| 19 | 2025-10-29 | CVE-2025-64132 | MCP07 — Insufficient Authentication & Authorization | A01 — Broken Access Control | |
| 20 | 2025-10-20 | CVE-2025-6515 | MCP01 — Token Mismanagement & Secret Exposure | A07 — Identification and Authentication Failures | |
| 21 | 2025-10-12 | CVE-2025-59163 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 22 | 2025-10-08 | CVE-2025-53967 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 23 | 2025-10-08 | CVE-2025-11445 | MCP06 — Prompt Injection via Contextual Payloads | A08 — Software and Data Integrity Failures | |
| 24 | 2025-10-03 | CVE-2025-59536 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A08 — Software and Data Integrity Failures | |
| 25 | 2025-09-30 | CVE-2025-59956 | MCP10 — Context Injection & Over-Sharing | A05 — Security Misconfiguration | |
| 26 | 2025-09-24 | CVE-2025-59834 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 27 | 2025-09-22 | CVE-2025-59528 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 28 | 2025-09-16 | CVE-2025-59333 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 29 | 2025-09-11 | CVE-2025-10193 | MCP07 — Insufficient Authentication & Authorization | A05 — Security Misconfiguration | |
| 30 | 2025-09-08 | CVE-2025-58444 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 31 | 2025-09-08 | CVE-2025-54994 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A03 — Injection | |
| 32 | 2025-08-02 | CVE-2025-54136 | MCP04 — Software Supply Chain Attacks & Dependency Tampering | A08 — Software and Data Integrity Failures | |
| 33 | 2025-07-21 | CVE-2025-53832 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 34 | 2025-07-18 | CVE-2025-54073 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 35 | 2025-07-14 | CVE-2025-53818 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 36 | 2025-07-09 | CVE-2025-6514 | MCP01 — Token Mismanagement & Secret Exposure | A03 — Injection | |
| 37 | 2025-07-08 | CVE-2025-53372 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 38 | 2025-07-08 | CVE-2025-53355 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 39 | 2025-07-04 | CVE-2025-53365 | MCP07 — Insufficient Authentication & Authorization | A04 — Insecure Design | |
| 40 | 2025-07-02 | CVE-2025-53110 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 41 | 2025-07-02 | CVE-2025-53109 | MCP02 — Privilege Escalation via Scope Creep | A01 — Broken Access Control | |
| 42 | 2025-07-02 | CVE-2025-34072 | MCP10 — Context Injection & Over-Sharing | A02 — Cryptographic Failures | |
| 43 | 2025-07-01 | CVE-2025-53107 | MCP05 — Command Injection & Execution | A03 — Injection | |
| 44 | 2025-06-13 | CVE-2025-49596 | MCP05 — Command Injection & Execution | A07 — Identification and Authentication Failures | |
| 45 | 2025-05-12 | CVE-2025-47274 | MCP01 — Token Mismanagement & Secret Exposure | A02 — Cryptographic Failures | |

CVE Information schema (template)

| Field | Value |
|---|---|
| CVE / NVD | CVE-YYYY-NNNNN |
| Date (index) | YYYY-MM-DD |
| Affected product (index) | |
| GHSA ID | |
| GHSA category | <short label or N/A> |
| Published / disclosed | YYYY-MM-DD |
| Ecosystem | <e.g. npm, PyPI — or omit row> |
| Component | <specific component — or omit row> |
| EPSS score | |
| CVSS score | <score + version — or omit row> |
| CWE | CWE-… |
| Affected versions | |
| Fixed versions | |
| Fix status | <Patched / Unfixed / unknown / …> |
| Exploit status | <Public advisory / PoC / …> |
| Notes | <optional — or omit row> |

Contribution Rules for This Section

Use these rules in your repository contribution guide:

A vulnerability entry must include:
- CVE ID and GHSA ID, if available.
- Affected component and version.
- Fixed version or mitigation.
- Severity and source.
- Root cause category.
- Exploit / PoC safety label.
- At least one official reference.
- Defensive notes.

Do not submit:
- Unverified rumors as confirmed CVEs.
- Working exploit payloads in the README.
- Duplicate advisories without linking aliases.
- Vulnerabilities that merely mention “MCP” but have no MCP security relevance.
