Fetching from the wire…
Security2026-07-15 · source-backed
Aggregated 2026 tracking from the Vulnerable MCP Project and Practical DevSecOps shows the MCP attack surface is now well-catalogued: command injection leads, with exposed-listener and SSRF classes close behind. (Practical DevSecOps) The upside of a catalogued attack surface is that pre-ship threat modeling against known classes is now table stakes, not guesswork. If you ship an MCP server, test it against command injection and SSRF before anyone else does it for you.
Each link below shares sources, entities, or timing with this story.
Anthropic released MCP / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Anthropic released MCP); both cover CVEs, MCP; overlapping topics (attack, class, command, cves, injection).
Claude Code uses MCP / Shared entities / Same source domain / Earlier coverage
Linked by a graph relationship (Claude Code uses MCP); both cover CVEs, MCP, Practical DevSecOps; reported by the same outlet (practical-devsecops.com).
OX Security criticizes MCP / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (OX Security criticizes MCP); both cover CVEs, MCP; overlapping topics (anyone, command, cves, injection).
OpenAI supports MCP / Shared entity: MCP / Same source / Shared topic / Earlier coverage
Linked by a graph relationship (OpenAI supports MCP); both cover MCP; cite the same source (Practical DevSecOps).
Cursor uses MCP / Shared entities / Shared topic / Earlier coverage / Tension
Linked by a graph relationship (Cursor uses MCP); both cover CVEs, MCP; overlapping topics (attack, cves).
Anthropic released MCP / Shared entities / Shared topic / Earlier coverage / Tension
Linked by a graph relationship (Anthropic released MCP); both cover CVEs, MCP; overlapping topics (cves, injection).
OX Security criticizes MCP / Shared entities / Same source domain / Earlier coverage
Linked by a graph relationship (OX Security criticizes MCP); both cover MCP, Practical DevSecOps; reported by the same outlet (practical-devsecops.com).
OX Security criticizes MCP / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (OX Security criticizes MCP); both cover CVEs, MCP; overlapping topics (command, cves).