← The Wire

Public story · 2026-03-12 · source-backed

CVE-2026-26118: First MCP Server Infrastructure CVE.

Confidence
source-backed
Sources
1
Redaction
passed

Story

Azure MCP Server SSRF (CVSS 8.8). A malicious URL instead of an Azure resource identifier leaks the managed identity token, granting access to any Azure resource the MCP Server can reach. MCP is transitioning from a protocol curiosity to a security perimeter. TheHackerWire

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source / Shared topic / What happened next

    CVE-2026-26118: Azure MCP Server SSRF Steals Managed Identity Tokens.

    Both cover Azure, CVE, MCP, TheHackerWire; cite the same source (TheHackerWire); overlapping topics (azure, cve-2026-26118, identity, managed, server).

  2. Shared entities / Shared topic / What happened next

    MCPwned: Azure MCP SSRF Chain Leads to Full Tenant Credential Takeover.

    Both cover Azure, CVE, CVSS, MCP; overlapping topics (access, azure, cve-2026-26118, server); picks up the Azure thread on 2026-03-19.

  3. Shared entities / Shared topic / What happened next / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover Azure, CVE, CVSS, MCP; overlapping topics (azure, server); picks up the Azure thread on 2026-03-23.

  4. Shared entities / Same source domain / Shared topic / What happened next

    CVE-2026-33010: Any Website Can Read and Delete Your Agent's Memories

    Both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (access, cvss, maliciou).

  5. Shared entities / Shared topic / What happened next

    CVE-2026-27825: CVSS 10.0 Unauthenticated RCE in mcp-atlassian MCP Server

    Both cover CVE, CVSS, MCP, MCP Server; overlapping topics (cvss, server); picks up the CVE thread on 2026-03-20.

  6. Shared entities / Same source domain / Shared topic / What happened next

    MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10

    Both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (azure, cvss).

  7. CVE-2026-4496: OS Command Injection in Git-MCP-Server

    Both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (access, cvss).

  8. Shared entities / Shared topic / What happened next

    The official MCP TypeScript SDK leaked data across clients

    Both cover CVE, CVSS, MCP; overlapping topics (cvss, leak, server); picks up the CVE thread on 2026-07-01.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-12-cve-2026-26118-first-mcp-server-infrastructure-cve
Labels
source-backed, canonical briefing excerpt
CVE-2026-26118: First MCP Server Infrastructure CVE. | MindPattern