AppSec Co. exposes serious flaws in hundreds of MCP servers

June 2025 by AppSec Co.

AppSec org Backslash Security published research it conducted on nearly 50% of the 15,000+ Model Context Protocol (MCP) servers in existence, and found hundreds with vulnerabilities that put vibe coders and their org’s sensitive assets at risk. In some instances, the combination of vulnerabilities was catastrophic.

• Network Exposure, AKA the MCP ‘NeighborJack’: In hundreds of cases, MCP servers were explicitly bound to all network interfaces (0.0.0.0), making them accessible to anyone on the same local network.

• Excessive Permissions & OS Injection: In dozens of instances, MCP servers were discovered that allow arbitrary command execution on the host machine.

• A Catastrophic Combination: Both vulnerabilities were present on several MCP servers, allowing bad actors to take full control of the host machine - no login, no auth, no sandbox.
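The three findings above map to two source-level conditions a defender can check for before deploying an MCP server: a listener bound to every interface, and a tool that hands model-supplied text to a shell. The following is an added example, not Backslash's code and not part of the Security Hub: a small static audit that flags both conditions and rates the combination, run over two constructed sample servers (one exposed, one hardened). The regex patterns, the function names, the sample sources and the "critical/high/low" labels are assumptions made for illustration.

```python
"""Added example (not Backslash's code): a minimal static check for the two MCP
server weaknesses described in the findings, plus a hardened counterpart.
All sample sources below are constructed for this example."""
import re

# Bind addresses that expose a listener on every interface (the "NeighborJack" condition).
# The empty string is included because some servers treat it as "all interfaces".
ALL_INTERFACES = {"0.0.0.0", "::", ""}

# Matches host="0.0.0.0" style keyword arguments and "host": "0.0.0.0" style config keys.
HOST_SETTING = re.compile(r"""\bhost["']?\s*[:=]\s*["']([^"']*)["']""")

# Typical sinks that run a string through a shell (assumed set, not exhaustive).
SHELL_SINKS = [
    re.compile(r"subprocess\.(run|Popen|call|check_output)\([^)]*shell\s*=\s*True"),
    re.compile(r"\bos\.system\("),
    re.compile(r"\bos\.popen\("),
]


def binds_all_interfaces(source: str) -> bool:
    """True if any host setting in the source binds to every interface."""
    return any(m.group(1) in ALL_INTERFACES for m in HOST_SETTING.finditer(source))


def allows_shell_execution(source: str) -> bool:
    """True if the source contains a shell-execution sink."""
    return any(p.search(source) for p in SHELL_SINKS)


def audit_mcp_server(source: str) -> dict:
    """Flag both weaknesses and rate their combination (labels are assumptions)."""
    network_exposure = binds_all_interfaces(source)
    os_command_injection = allows_shell_execution(source)
    if network_exposure and os_command_injection:
        risk = "critical"   # reachable from the LAN *and* runs arbitrary commands
    elif network_exposure or os_command_injection:
        risk = "high"
    else:
        risk = "low"
    return {
        "network_exposure": network_exposure,
        "os_command_injection": os_command_injection,
        "risk": risk,
    }


# Constructed sample: the catastrophic combination from the findings.
VULNERABLE_SERVER = '''
import subprocess
import uvicorn

@mcp.tool()
def run(cmd: str) -> str:
    # Runs whatever text the model supplies through a shell.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

uvicorn.run(app, host="0.0.0.0", port=8000)
'''

# Constructed sample: bound to loopback, fixed argv allowlist, no shell.
HARDENED_SERVER = '''
import subprocess
import uvicorn

ALLOWED = {"git-status": ["git", "status"], "list": ["ls", "-la"]}

@mcp.tool()
def run(name: str) -> str:
    argv = ALLOWED.get(name)
    if argv is None:
        raise ValueError("command not allowed")
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout

uvicorn.run(app, host="127.0.0.1", port=8000)
'''


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SERVER), ("hardened", HARDENED_SERVER)):
        print(label, audit_mcp_server(src))
```

The hardened sample shows the two fixes side by side: bind to 127.0.0.1 (or require authentication if remote access is genuinely needed) and replace free-form shell strings with a fixed argv allowlist run with `shell=False`. The regexes are intentionally simple and will miss indirect patterns (a host read from an environment variable, a sink wrapped in a helper), so treat a "low" result as a first pass, not a clean bill of health.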

In reaction to these findings, Backslash has established the MCP Server Security Hub - the first publicly available, free (no login or registration required), dynamically maintained, and searchable central database of over 7,000 MCP servers (and growing daily). Each entry rates the designated MCP server’s risk and security posture based on various factors, including vulnerabilities and their severity, exposure to attack vectors, and provenance.