Vibe Coding
Pattern: MCP Exposed Server Count Nearly Triples to 1,467 — Security Auditing Cannot Keep Pace With Ecosystem Growth
Trend Micro reports the number of internet-exposed MCP servers has nearly tripled to 1,467, with multiple CVSS 9.8 vulnerabilities enabling cloud takeover and command injection. CVE-2026-44284 (FastGPT MCP tool URL handling, CVSS 6.3) was disclosed May 8; CVE-2026-33032 (nginx-ui MCP endpoint, CVSS 9.8) enables unauthenticated full takeover. The structural issue: MCP's rapid adoption outpaces security review, and most servers lack transport-layer isolation or centralized governance. Builders adding MCP servers to their coding agents should audit internet exposure and enforce strict allow-listing.
Source
↳ Follow the thread