Topic
#mcp-security
2 articles exploring mcp-security. Expert insights and analysis from our editorial team.
Articles
Security
Windsurf CVE-2026-30615 Is the Only Zero-Click in the April MCP RCE Wave: HTML Rewrites the Config
CISA-ADP scored CVE-2026-30615 CVSS 8.0 HIGH, making Windsurf the sole zero-click IDE in the April MCP RCE wave: attacker HTML silently rewrites mcp.json with no user.
Security
March-April MCP CVEs Expose the Local-Host Trust Model in AI Agent Frameworks (see also [local-host trust model](/articles/hugging-face-lerobot-cve-2026-25874-unauthenticated-pickle-loads-rce-in-grpc/))
Three CVEs scoring up to 9.8 reveal a structural flaw: MCP's local-host trust model lacks authentication primitives for networked multi-tenant deployments.