{"id":60648,"date":"2026-05-13T20:17:24","date_gmt":"2026-05-13T20:17:24","guid":{"rendered":"https:\/\/www.theregister.com\/a\/5238916"},"modified":"2026-05-13T20:17:24","modified_gmt":"2026-05-13T20:17:24","slug":"bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/","title":{"rendered":"Bug hunter tracks down three massive MCP flaws and one vendor won&#8217;t fix theirs"},"content":{"rendered":"<div data-element-guid=\"d11159dd-82a3-4c53-901c-d41dec75505c\" readability=\"31.97247706422\">\n<p class=\"kicker \">Security<\/p>\n<p class=\"subtitle \">Apache, Alibaba databases vulnerable and only one has a patch<\/p>\n<\/div>\n<div data-element-guid=\"4c9dc5d9-c886-4348-bf4a-01d0dc71377d\" readability=\"152.02603036876\">\n<p>Security vulnerabilities in MCP servers for three popular database projects could let attackers execute unintended SQL statements on Apache Doris, exfiltrate sensitive metadata from Alibaba RDS, and potentially take over Apache Pinot instances exposed to the internet. Alibaba, meanwhile, declined to patch its flaw.<\/p>\n<p>Apache issued a patch and a CVE tracker for Doris MCP, and there\u2019s an open ticket in the MCP Pinot GitHub repository for the flaw, we&#8217;re told. 
However, Alibaba decided not to patch the vulnerability in RDS MCP, according to Akamai security analyst Tomer Peled, who <a href=\"https:\/\/www.akamai.com\/blog\/security-research\/one-fluke-3-pattern-mcp-back-end-vulnerabilities\" rel=\"nofollow\">wrote about the flaws<\/a> on Tuesday and will present his full research next month at <a href=\"https:\/\/www.x33fcon.com\/#!index.md\" rel=\"nofollow\">x33fcon<\/a>.<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/software\/2025\/04\/21\/a-friendly-introduction-to-mcp-the-usb-of-ai\/1105570\">MCP<\/a>, or Model Context Protocol, is an open source protocol originally developed by Anthropic that allows LLMs, AI applications, and agents to connect to external data, systems, and one another.<\/p>\n<p>While <a href=\"https:\/\/www.theregister.com\/security\/2026\/04\/19\/ai-vendors-response-to-security-flaws-it-wasnt-me\/5228722\">security issues are never a good thing<\/a> &#8211; and they are <a href=\"https:\/\/www.theregister.com\/security\/2026\/04\/16\/mcp-design-flaw-puts-200k-servers-at-risk-researcher\/5222022\">especially concerning<\/a> when they exist in a <a href=\"https:\/\/www.theregister.com\/security\/2026\/01\/20\/anthropic-quietly-fixed-flaws-in-its-git-mcp-server\/4676059\">server sitting between an AI agent<\/a> and a production database &#8211; these in particular point to a larger problem in the way MCP servers are developed.<\/p>\n<p>\u201cThere is missing or faulty security validation between the MCP server and its back end,\u201d Peled wrote, adding 
that these security \u201cgaps will become high-value targets for attackers and we expect more of these issues to surface.\u201d<\/p>\n<p>Here\u2019s a closer look at all three, starting with the flaw that has since been fixed and assigned a CVE.<\/p>\n<p><a href=\"https:\/\/doris.apache.org\/\" rel=\"nofollow\">Apache Doris<\/a> is a high-speed analytics and search database with more than 10,000 mid- and large-enterprise users. Its MCP server allows AI agents to interact with and perform operations on Doris instances, including running SQL queries and retrieving table and schema metadata &#8211; which hints at the flaw that was found: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-66335\" rel=\"nofollow\">CVE-2025-66335<\/a>, a SQL injection vulnerability that affects Apache Doris MCP Server versions earlier than 0.6.1.<\/p>\n<p>When an MCP tool is called, the server\u2019s \u201cexec_query\u201d function fails to validate one of its five parameters (db_name) before constructing the SQL query. This means an attacker can invoke the function and inject malicious SQL through the db_name parameter, which is prepended to the final SQL statement. 
Plus, the SQL validator only checks the first portion of the query, so all it sees is the attacker\u2019s directive.<\/p>\n<p>\u201cAs a result, any attacker that gains access to a client connected to the Doris MCP server can execute arbitrary commands on the victim\u2019s Apache Doris instance,\u201d Peled said.<\/p>\n<p>Apache issued a patch in December to fix this flaw.<\/p>\n<p>The second issue, an authentication validation bypass in Apache Pinot MCP, can also lead to SQL injection attacks and full database takeover.<\/p>\n<p><a href=\"https:\/\/pinot.apache.org\/\" rel=\"nofollow\">Apache Pinot<\/a> is another super-fast analytics database, and <a href=\"https:\/\/startree.ai\/resources\/startree-mcp-server-for-apache-pinot\/\" rel=\"nofollow\">StarTree\u2019s MCP integration for Pinot<\/a> before v2.0.0 allowed users to run queries directly from their AI agent against their Pinot instance.<\/p>\n<p>The open-source project uses HTTP as the transport layer without requiring any type of authentication. This exposes the endpoint to remote attackers who can reach it, allowing them to invoke MCP tools, including those used for SQL execution.<\/p>\n<p>\u201cIn environments where the MCP endpoint is reachable externally, this behavior allows unauthenticated attackers to execute queries against the Pinot instance, which can allow a full remote takeover of the database,\u201d Peled wrote.<\/p>\n<p>StarTree has since added OAuth as an authentication option when using HTTP, which he says lowers the threat of SQL injection (but it still exists in the code), and Apache has also opened a security issue in the MCP Pinot GitHub repository. 
Pinot MCP v1.1.0 and earlier versions are affected.<\/p>\n<p>Neither Apache nor StarTree responded to <span data-lab-italic=\"italic\" class=\"italic m-italic\">The Register<\/span>\u2019s requests for comment.<\/p>\n<p>The third security flaw, an information disclosure issue in the <a href=\"https:\/\/www.alibabacloud.com\/en\/rds?_p_lc=1\" rel=\"nofollow\">Alibaba RDS<\/a> MCP server, also stems from the server not authenticating users before invoking the retrieval-augmented generation (RAG) MCP tool, which allows AI models to connect with and query databases.<\/p>\n<p>This means \u201cany client able to reach the MCP endpoint can issue requests to the server without any query validation,\u201d according to Peled. \u201cThe vector index may contain table names, schema definitions, or other potentially sensitive metadata, and unauthenticated attackers can exfiltrate this data with little or no effort.\u201d<\/p>\n<p>All versions of Alibaba RDS MCP are affected by this vuln.<\/p>\n<p>The bug hunter says that he reported the issue to Alibaba in November, and the cloud giant told him the issue is \u201cnot applicable\u201d for a fix &#8211; so it\u2019s still in the codebase. Akamai also reported this inaction to the <a href=\"https:\/\/kb.cert.org\/vuls\/\" rel=\"nofollow\">CERT Coordination Center (CERT\/CC)<\/a>.<\/p>\n<p>Alibaba did not respond to <span data-lab-italic=\"italic\" class=\"italic m-italic\">The Register<\/span>\u2019s inquiries.<\/p>\n<p>Peled said that the threat-hunting team, upon starting this investigation, assumed that there would be some baseline security specification for all MCP servers. 
Turns out they were wrong, and as the research found, flaws like SQL injection, missing authentication, and insufficient query validation exist in the code.<\/p>\n<p>\u201cThis means that more attention should be given not just to the specification but also to the best security practices guides when developing secure MCP servers,\u201d he wrote.\u00ae<\/p>\n<\/p><\/div>\n<p><img decoding=\"async\" src=\"https:\/\/image.theregister.com\/?imageId=5239946&#038;width=800\">READ MORE <a href=\"https:\/\/www.theregister.com\/security\/2026\/05\/13\/bug-hunter-tracks-down-three-serious-mcp-database-flaws-one-left-unpatched\/5238916\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Apache, Alibaba databases vulnerable and only one has a patch READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":60649,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[307],"class_list":["post-60648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Bug hunter tracks down three massive MCP flaws and one vendor won&#039;t fix theirs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bug hunter tracks down three massive MCP flaws and one vendor won&#039;t fix theirs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-13T20:17:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image.theregister.com\/5239946.jpg?imageId=5239946&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Bug hunter tracks down three massive MCP flaws and one vendor won&#8217;t fix theirs\",\"datePublished\":\"2026-05-13T20:17:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/\"},\"wordCount\":875,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg\",\"keywords\":[\"Security\"],\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/\",\"name\":\"Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg\",\"datePublished\":\"2026-05-13T20:17:24+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg\",\"width\":100,\"height\":56},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\\\/#breadcrumb\",\"itemListE
lement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Bug hunter tracks down three massive MCP flaws and one vendor won&#8217;t fix theirs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/","og_locale":"en_US","og_type":"article","og_title":"Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-05-13T20:17:24+00:00","og_image":[{"url":"https:\/\/image.theregister.com\/5239946.jpg?imageId=5239946&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Bug hunter tracks down three massive MCP flaws and one vendor won&#8217;t fix theirs","datePublished":"2026-05-13T20:17:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/"},"wordCount":875,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg","keywords":["Security"],"articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/","url":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/","name":"Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg","datePublished":"2026-05-13T20:17:24+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs.jpg","width":100,"height":56},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/bug-hunter-tracks-down-three-massive-mcp-flaws-and-one-vendor-wont-fix-theirs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.threatshub.org\/blog\/tag\/sec
urity\/"},{"@type":"ListItem","position":3,"name":"Bug hunter tracks down three massive MCP flaws and one vendor won&#8217;t fix theirs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"s
ameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60648"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60648\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60649"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}