Security2026-06-08 · source-backed
MCP's attack surface keeps widening: 1,467 exposed servers, 67 CVEs from one automated sweep.
Story
Trend Micro's follow-up counted 1,467 publicly exposed MCP servers with CVSS 9.8 command-injection flaws in unofficial AWS and Azure MCP servers. Censys found 12,520 internet-accessible MCP services, most unauthenticated. An automated VIPER-MCP sweep of ~40,000 repos produced 67 CVEs. Treat every remote MCP server as a remote-code-execution surface, not a tool list. Put auth in front of all of them and pull the unauthenticated ones off the public internet. Most operators still haven't.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage / Tension
MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth
Both cover Azure MCP, CVEs, CVSS, MCP; overlapping topics (auth, azure, cves, found, server); earlier Azure MCP coverage from 2026-03-23.
Shared entities / Shared topic / What happened next
The MCP supply chain has a hole in the floor, and it's being exploited right now
Both cover Censys, CVEs, CVSS, MCP; overlapping topics (auth, flaw, server); picks up the Censys thread on 2026-06-17.
Shared entities / Shared topic / Earlier coverage
MCP server sprawl is now the dominant agent supply-chain risk: 12,520 exposed services, ~40% with no auth.
Both cover Censys, CVEs, MCP, VIPER; overlapping topics (auth, censy, counted, cves, server); earlier Censys coverage from 2026-06-05.
MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10
Both cover CVEs, CVSS, MCP, Treat; overlapping topics (azure, cves, cvss); earlier CVEs coverage from 2026-04-04.
The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework
Both cover CVEs, CVSS, MCP, Treat; overlapping topics (attack, cves); earlier CVEs coverage from 2026-03-05.
Shared entities / Shared topic / What happened next / Tension
The config file is the new attack surface, across every IDE.
Both cover CVEs, MCP, VIPER; overlapping topics (attack, cves); picks up the CVEs thread on 2026-06-26.
Shared entities / Shared topic / Earlier coverage
MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.
Both cover CVEs, CVSS, MCP; overlapping topics (cves, cvss, server); earlier CVEs coverage from 2026-05-11.
MCPwned: 30 CVEs in 60 Days.
Both cover Azure MCP, CVEs, MCP; overlapping topics (azure, cves, server); earlier Azure MCP coverage from 2026-03-17.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 8, 2026
- AI generated
- no
- Story unit
- 2026-06-08-mcp-s-attack-surface-keeps-widening-1-467-exposed-servers-67-cves-from-one-automated-sweep
- Labels
- source-backed, canonical briefing excerpt