Agents
BlueRock 'MCP fURI': SSRF in Microsoft MarkItDown MCP yields AWS credential theft
BlueRock detailed an SSRF flaw ('MCP fURI') in Microsoft's MarkItDown MCP server: supplying a crafted URI lets an attacker hit the cloud instance metadata endpoint and pull the EC2 role's AWS access/secret keys, potentially escalating to full account control. BlueRock's wider scan of ~7,000 public MCP servers found 36.7% SSRF-exposed, 41% requiring no auth, 53% of authenticated servers on static keys, and only 8.5% on OAuth. The takeaway for builders: MCP failures live inside tool execution flows, not just the gateway — audit the tools, not only the connection.
Source
↳ Follow the thread