Public story · 2026-03-12 · source-backed
CVE-2026-26118: First MCP Server Infrastructure CVE.
Story
Azure MCP Server SSRF (CVSS 8.8). A malicious URL instead of an Azure resource identifier leaks the managed identity token, granting access to any Azure resource the MCP Server can reach. MCP is transitioning from a protocol curiosity to a security perimeter. TheHackerWire
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic / What happened next
CVE-2026-26118: Azure MCP Server SSRF Steals Managed Identity Tokens.
Both cover Azure, CVE, MCP, TheHackerWire; cite the same source (TheHackerWire); overlapping topics (azure, cve-2026-26118, identity, managed, server).
Shared entities / Shared topic / What happened next
MCPwned: Azure MCP SSRF Chain Leads to Full Tenant Credential Takeover.
Both cover Azure, CVE, CVSS, MCP; overlapping topics (access, azure, cve-2026-26118, server); picks up the Azure thread on 2026-03-19.
Shared entities / Shared topic / What happened next / Tension
MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth
Both cover Azure, CVE, CVSS, MCP; overlapping topics (azure, server); picks up the Azure thread on 2026-03-23.
Shared entities / Same source domain / Shared topic / What happened next
CVE-2026-33010: Any Website Can Read and Delete Your Agent's Memories
Both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (access, cvss, maliciou).
Shared entities / Shared topic / What happened next
CVE-2026-27825: CVSS 10.0 Unauthenticated RCE in mcp-atlassian MCP Server
Both cover CVE, CVSS, MCP, MCP Server; overlapping topics (cvss, server); picks up the CVE thread on 2026-03-20.
Shared entities / Same source domain / Shared topic / What happened next
MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10
Both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (azure, cvss).
CVE-2026-4496: OS Command Injection in Git-MCP-Server
Both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com); overlapping topics (access, cvss).
Shared entities / Shared topic / What happened next
The official MCP TypeScript SDK leaked data across clients
Both cover CVE, CVSS, MCP; overlapping topics (cvss, leak, server); picks up the CVE thread on 2026-07-01.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-03-12
- AI generated
- no
- Story unit
- 2026-03-12-cve-2026-26118-first-mcp-server-infrastructure-cve
- Labels
- source-backed, canonical briefing excerpt