Critical Flaw Exposes Code Execution Vulnerability in 25% of MCP Servers


Enterprise Deployments of AI Agents Lean on Two Extension Mechanisms that Introduce Risk at Different Layers of the Stack

As the adoption of artificial intelligence (AI) continues to grow in various industries, enterprises are increasingly relying on AI agents to automate tasks and improve efficiency.

Risks Introduced by MCP Servers and Skills

  • MCP servers and Skills are two extension mechanisms that introduce risks at different layers of the stack.
  • The lack of visibility into Skills, which operate within the agent’s reasoning context, creates an “observability gap” that makes it difficult for defenders to pinpoint the origin of malicious behavior.
  • Researchers analyzed hundreds of popular MCP servers and Skills against eight risky capability categories and found that the majority of widely used Skills carry at least one risky characteristic, and most MCPs deployed in organizations include high-risk capabilities.
  • Arbitrary code execution is common across the MCP landscape, and the single most prevalent risk across both mechanisms is the ability to change state or data.

According to researchers, five patterns of toxic combinations have been seen in the wild, each with a name attached to a real incident:

  • Sensitive data leakage, which involves untrusted input, sensitive data access, and external communication.
  • ForcedLeak, which exploits trusted data as an attack vector.
  • Supply-chain compromise, which pairs untrusted input with arbitrary code execution.
  • Replit’s coding agent deleting a production database holding more than 1,200 executive records.
  • Amazon Q VS Code extension being hijacked through a malicious GitHub pull request.

No Excessive CAP Framework

The researchers propose the No Excessive CAP framework, which focuses on controlling what can be controlled rather than trying to control everything. The framework consists of three dimensions: capabilities, autonomy, and permissions.

  • Capabilities refer to what the agent can do, including every tool added and every Skill installed.
  • Autonomy refers to how much the agent decides on its own.
  • Permissions refer to whose identity the agent runs under.

Controls proposed under the framework include:

  • Allowlisting, preferring narrow tools over broad ones.
  • Pinning MCP server versions to prevent silent updates to poisoned releases.
  • Approval gates on irreversible work, calibrated against capability, so that high-blast-radius actions cannot complete without a person in the loop.
  • Delegated, user-scoped credentials that expire, to avoid giving agents broad access.
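The capability categories, toxic combinations and controls described above, expressed as a policy check a defender might run over an agent's MCP configuration. This is an added example, not code from the article or the researchers; the server manifest format, the server and tool names, the category labels and the sample data are assumptions constructed for illustration.

```python
"""Policy checks modelled on the No Excessive CAP framework.

The capability categories and toxic combinations follow the article's
description; the manifest format and all sample data are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Risky capability categories named in the article (label strings are ours).
UNTRUSTED_INPUT = "untrusted_input"
SENSITIVE_DATA = "sensitive_data_access"
EXTERNAL_COMM = "external_communication"
CODE_EXEC = "arbitrary_code_execution"
STATE_CHANGE = "change_state_or_data"

# Toxic combinations: a pattern fires when every listed capability is reachable.
TOXIC_COMBINATIONS = {
    "sensitive_data_leakage": {UNTRUSTED_INPUT, SENSITIVE_DATA, EXTERNAL_COMM},
    "supply_chain_compromise": {UNTRUSTED_INPUT, CODE_EXEC},
}

# Capabilities that are hard to undo: approval gate is keyed on these, not on tool names.
IRREVERSIBLE = {CODE_EXEC, STATE_CHANGE}

@dataclass
class McpServer:
    name: str
    version: Optional[str]            # None means unpinned ("latest")
    tools: Dict[str, Set[str]]        # tool name -> capability categories

def check_server(server: McpServer, allowlist: Set[str]) -> List[str]:
    """Allowlist and version-pinning checks for one MCP server definition."""
    findings = []
    if server.name not in allowlist:
        findings.append(f"{server.name}: not on allowlist")
    if not server.version:
        findings.append(f"{server.name}: version not pinned")
    return findings

def toxic_combinations(servers: List[McpServer]) -> Set[str]:
    """Toxic patterns judged over everything the agent can reach, not per tool."""
    reachable = set().union(*(caps for s in servers for caps in s.tools.values()))
    return {name for name, combo in TOXIC_COMBINATIONS.items() if combo <= reachable}

def needs_approval(server: McpServer, tool: str) -> bool:
    """Approval gate calibrated on capability: irreversible work needs a human."""
    return bool(server.tools.get(tool, set()) & IRREVERSIBLE)

# Constructed sample agent setup (hypothetical servers, not from the article).
SAMPLE_SERVERS = [
    McpServer("filesystem", "1.4.2", {"read_file": {SENSITIVE_DATA}, "write_file": {STATE_CHANGE}}),
    McpServer("web-fetch", None, {"fetch": {UNTRUSTED_INPUT, EXTERNAL_COMM}}),
    McpServer("shell", "0.9.0", {"run": {CODE_EXEC}}),
]
ALLOWLIST = {"filesystem", "web-fetch"}
```

Note that `toxic_combinations` reports on the union of capabilities across servers: removing the unallowlisted `shell` server clears the supply-chain pattern, but the leakage triad remains as long as web fetching and file reading coexist.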

By understanding the risks associated with MCP servers and Skills, defenders can take steps to mitigate those risks and protect their organizations from potential threats.
