News
CSA Report: 36.7% of 7,000 MCP Servers Vulnerable to SSRF; Trend Micro Finds 492 with Zero Auth
The Cloud Security Alliance's March 13 State of Cloud and AI Security 2026 report analyzed over 7,000 MCP servers and found 36.7% potentially vulnerable to server-side request forgery. An independent Trend Micro analysis found 492 MCP servers with zero client authentication and zero traffic encryption. The findings arrive as MCP adoption accelerates rapidly, with builders frequently standing up servers without hardening — a pattern researchers warn mirrors early OAuth misconfigurations that led to widespread credential theft.
↳ Follow the thread