Vibe Coding
Bug Hunter Finds 3 Critical MCP Database Server Flaws — Alibaba Declines to Patch
A security researcher discovered vulnerabilities in MCP servers for Apache Doris (unintended SQL execution), Alibaba RDS (sensitive metadata exfiltration), and Apache Pinot (potential full takeover on internet-exposed instances). Apache issued a patch and CVE for Doris, but Alibaba declined to fix its RDS MCP flaw. Exposed MCP servers have nearly tripled to 1,467, with up to 200,000 vulnerable instances across the ecosystem — a direct risk for any team running MCP-connected coding agents.
Source
↳ Follow the thread