Security Advisories
Security research focused on Model Context Protocol (MCP) implementations and AI-assisted development tools.
Published Advisories
- Kluster's Verify MCP Server Exposes Users to Credit Exhaustion
  Kluster AI’s verify-mcp server trusts any browser session that can reach its /stream endpoint.
- Neo4j MCP Cypher Server Vulnerable to Database Takeover Via DNS Rebinding
  A DNS rebinding vulnerability in the Neo4j MCP Cypher Server allows remote attackers to execute arbitrary Cypher queries against a user's database, leading to potential data theft, modification, and full...
- Vet MCP Server SSE Transport DNS Rebinding Vulnerability
  SafeDep Vet MCP Server is vulnerable to DNS rebinding attacks, allowing malicious websites to bypass the Same-Origin Policy and exfiltrate scan database contents through unauthorized MCP tool invocations.
- Amp AI Agent Allows API Key Exfiltration Via Prompt Injection
  A prompt injection vulnerability in Amp's CLI and extensions allows attackers to exfiltrate environment variables including API keys via DNS queries without user consent. Amp declined to address the issue,...
- Kilo Code AI Agent Exposes Users to Supply Chain Attack Via Prompt Injection
  A prompt injection vulnerability in the Kilo Code AI agent allows attackers to modify application settings, whitelist arbitrary commands, and execute automated supply chain attacks without user interaction.
- Coder's Agent API Exposes User Chat History Via DNS Rebinding Attack
  A DNS rebinding vulnerability in Coder's Agent API allows remote attackers to exfiltrate a user's entire local message history, which may contain sensitive data like secret keys and intellectual property....
- Unauthorized Crypto Transactions Enabled by thirdweb MCP Server
  thirdweb MCP Server exposes an unauthenticated SSE interface, enabling unauthorized cryptocurrency transactions from victims' wallets.
- Grafana MCP Server Exposes Unauthenticated SSE Interface Enabling Remote Dashboard Manipulation
  Grafana MCP Server exposes an unauthenticated SSE interface, allowing network-level attackers to manipulate Grafana dashboards and access sensitive data.