← The Wire

Public story · 2026-03-01 · source-backed

MCP Server Security Audit: 14 Critical/High Across 194 Packages

Confidence
source-backed
Sources
2
Redaction
passed

Story

AgentAudit audited 194 MCP server packages and found 118 total findings: 5 critical (command injection via unsanitized prompt input), 9 high (credential leakage through logs/LLM context), 63 medium, 41 low. Submit your packages for audit at agentaudit.dev.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source domain / Shared topic / Earlier coverage

    MCP eval() Epidemic Reaches 30+ CVEs

    Both cover AgentAudit, MCP; reported by the same outlet (dev.to); overlapping topics (audit, critical, input, packag, server).

  2. Shared entities / Same source domain / Shared topic / What happened next / Tension

    10 actionable skills from today's findings:

    Both cover LLM, MCP; reported by the same outlet (dev.to); overlapping topics (context, server).

  3. Shared entities / Shared topic / What happened next

    43% of MCP Servers Vulnerable to Command Execution — 8 Confirmed Incidents This Month

    Both cover LLM, MCP; overlapping topics (command, finding, injection, server); picks up the LLM thread on 2026-03-15.

  4. Shared entities / Shared topic / Earlier coverage

    Scan MCP Servers Free with Enkrypt AI (Beginner, 10 min)

    Both cover MCP, Submit; overlapping topics (command, critical, injection, server); earlier MCP coverage from 2026-02-23.

  5. Shared entity: MCP / Same source domain / Shared topic / What happened next

    MCP CVEs Hit 30 — Attack Surface Expanding to Developers

    Both cover MCP; reported by the same outlet (dev.to); overlapping topics (audit, command, injection, server).

  6. Shared entities / What happened next

    Skills to Practice Today

    Both cover Critical, LLM, MCP; picks up the Critical thread on 2026-03-03.

  7. Shared entity: MCP / Shared topic / What happened next

    MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.

    Both cover MCP; overlapping topics (audit, command, critical, injection, server); picks up the MCP thread on 2026-05-11.

  8. Shared entity: MCP / Shared topic / Earlier coverage / Tension

    Agent Security (Priority: +2.0)

    Both cover MCP; overlapping topics (audit, credential, injection, input); earlier MCP coverage from 2026-02-21.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-01-mcp-server-security-audit-14-critical-high-across-194-packages
Labels
source-backed, canonical briefing excerpt