← The Wire

Security2026-06-08 · source-backed

MCP's attack surface keeps widening: 1,467 exposed servers, 67 CVEs from one automated sweep.

Confidence
source-backed
Sources
1
Redaction
redacted

Story

Trend Micro's follow-up counted 1,467 publicly exposed MCP servers with CVSS 9.8 command-injection flaws in unofficial AWS and Azure MCP servers. Censys found 12,520 internet-accessible MCP services, most unauthenticated. An automated VIPER-MCP sweep of ~40,000 repos produced 67 CVEs. Treat every remote MCP server as a remote-code-execution surface, not a tool list. Put auth in front of all of them and pull the unauthenticated ones off the public internet. Most operators still haven't.


Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / Earlier coverage / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover Azure MCP, CVEs, CVSS, MCP; overlapping topics (auth, azure, cves, found, server); earlier Azure MCP coverage from 2026-03-23.

  2. Shared entities / Shared topic / What happened next

    The MCP supply chain has a hole in the floor, and it's being exploited right now

    Both cover Censys, CVEs, CVSS, MCP; overlapping topics (auth, flaw, server); picks up the Censys thread on 2026-06-17.

  3. Shared entities / Shared topic / Earlier coverage

    MCP server sprawl is now the dominant agent supply-chain risk: 12,520 exposed services, ~40% with no auth.

    Both cover Censys, CVEs, MCP, VIPER; overlapping topics (auth, censy, counted, cves, server); earlier Censys coverage from 2026-06-05.

  4. MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10

    Both cover CVEs, CVSS, MCP, Treat; overlapping topics (azure, cves, cvss); earlier CVEs coverage from 2026-04-04.

  5. The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework

    Both cover CVEs, CVSS, MCP, Treat; overlapping topics (attack, cves); earlier CVEs coverage from 2026-03-05.

  6. Shared entities / Shared topic / What happened next / Tension

    The config file is the new attack surface, across every IDE.

    Both cover CVEs, MCP, VIPER; overlapping topics (attack, cves); picks up the CVEs thread on 2026-06-26.

  7. Shared entities / Shared topic / Earlier coverage

    MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.

    Both cover CVEs, CVSS, MCP; overlapping topics (cves, cvss, server); earlier CVEs coverage from 2026-05-11.

  8. MCPwned: 30 CVEs in 60 Days.

    Both cover Azure MCP, CVEs, MCP; overlapping topics (azure, cves, server); earlier Azure MCP coverage from 2026-03-17.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-08-mcp-s-attack-surface-keeps-widening-1-467-exposed-servers-67-cves-from-one-automated-sweep
Labels
source-backed, canonical briefing excerpt