Vibe Coding
MCP Server Exposure Widens: Trend Micro Counts 1,467 Exposed Servers, VIPER-MCP Sweep Yields 67 CVEs
June 2026 scans show MCP's security surface still expanding: Trend Micro's follow-up counted 1,467 publicly exposed MCP servers with CVSS 9.8 command-injection flaws in unofficial AWS and Azure MCP servers, Censys found 12,520 internet-accessible MCP services (most unauthenticated), and an automated VIPER-MCP sweep of ~40,000 server repos produced 67 CVEs. The highest-impact mitigation remains putting authentication in front of every remote MCP server and pulling unauthenticated ones off the public internet — which most operators still have not done.
Source
↳ Follow the thread