Skills
The Vulnerable MCP Project: First Comprehensive CVE Database for Model Context Protocol — Tracks Exploits, Tool Poisoning, and Cross-Client Leaks
VulnerableMCP.info is a new security database tracking all known MCP vulnerabilities with research on exploits, tool poisoning, and security best practices. Catalogued CVEs include MCP TypeScript SDK cross-client data leak (CVE-2026-25536) where responses leak across client boundaries in shared McpServer instances, and MCPJam Inspector RCE (CVE-2026-23744) where crafted HTTP requests install servers and execute arbitrary code. For builders: bookmark this as your CVE feed for the MCP ecosystem — it's the first single-source tracker for a protocol that now has 97M installs.
↳ Follow the thread