MCP Security 2026: 30 CVEs in 60 Days
heyuan110.com

The CVEs here are legit and worth knowing about, CVE-2025-6514 alone is a 9.6 command injection in mcp-remote through the auth flow, that's terrifying. But the article itself has that AI-generated smell to it, real data wrapped in a template.
The actual situation is simpler and scarier: most MCP servers still ship with zero auth, tool descriptions are trusted blindly at runtime, and nobody's validating what a server does vs what it declares. If you're running MCP in production, go scan your setup before reading another guide.
Scanners you recommend?
30 CVEs. 60 days. 437,000 compromised downloads. The Model Context Protocol went from “promising open standard” to “active threat surface” faster than anyone predicted.
Between January and February 2026, security researchers filed over 30 CVEs targeting MCP servers, clients, and infrastructure. The vulnerabilities ranged from trivial path traversals to a CVSS 9.6 remote code execution flaw in a package downloaded nearly half a million times. And the root causes were not exotic zero-days — they were missing input validation, absent authentication, and blind trust in tool descriptions.
If you are running MCP servers in production — or even just experimenting with them in Claude Code or Cursor — this article is your field guide to what went wrong and how to protect yourself.