INCIDENT
MCP - CoSAI found 40 security threats in MCP, including
CoSAI found 40 security threats in MCP, including 3 RCE vulnerabilities in the official Git server, raising concerns about the security of the widely adopted protocol.
Updated: 3/10/2026
high Severity
Status: active
Description
CoSAI found 40 distinct security threats across MCP. Three RCE vulnerabilities in the official Git MCP server itself. The protocol everyone's integrating has remote code execution baked in. Adoption is outpacing audit by 6 months.
Impact
CoSAI found 40 security threats in MCP, including 3 RCE vulnerabilities in the official Git server, raising concerns about the security of the widely adopted protocol.
Attack Vectors
- security