CVE-2025-54073 · high
MCP package-documentation server command injection
mcp-package-docs 0.1.27 and earlier.
Update to 0.1.28 or later and use argument-safe process APIs rather than shell interpolation.
CapitalGuard Observatory · Tool record
Multiple providers · connected assistant
MCP-connected assistants can discover resources and call tools exposed by local or remote servers, creating a reusable bridge between AI and files, APIs, databases, commands, and business systems.
Public-Control Score
N/A
Implementation-dependent protocol
MCP is a protocol and ecosystem, not one deployed product. A single score would hide differences between clients, servers, transport, authorization, and operator policy.
Scored dimensions
This record is reviewed against the same five-dimension rubric used across every scored product.
Read MethodologyA protocol needs implementation-level evidence.
Score the client, server, authorization method, transport, tool definitions, and operator policy together. A protocol-wide number would be false precision.
Documented access points
MCP resources and prompts
local stdio server processes
remote tools, OAuth scopes, APIs, and downstream services
Settings to verify now
Server origin, command, and transport
OAuth scopes, token audience, and consent
Filesystem, network, session, logging, and downstream permissions
Linked security signals
CVE-2025-54073 · high
mcp-package-docs 0.1.27 and earlier.
Update to 0.1.28 or later and use argument-safe process APIs rather than shell interpolation.
CVE-2026-40576 · critical
excel-mcp-server 0.1.7 and earlier.
Update to 0.1.8 or later, bind remote services narrowly, authenticate requests, and validate resolved paths against the approved root.
CGO-RESEARCH-2026-05 · informational
Agentic systems that combine untrusted content, private context, and action-capable tools.
Project trusted provenance, restrict capabilities before generation, and validate outputs before execution.
Linked evidence
Private file access
MCP-Connected AI Assistants Private File Access: What to Check
Credential exposure
MCP-Connected AI Assistants API Key Exposure: Check Before You Share
Client confidentiality
MCP-Connected AI Assistants Client Data Safety for Freelancers
Prompt injection
MCP-Connected AI Assistants Prompt Injection: A Practical Defense
Connector permissions
MCP-Connected AI Assistants Connector Permissions: Review the Real Scope
Command execution
MCP-Connected AI Assistants Command Execution: Keep Control
Unsafe generated code
MCP-Connected AI Assistants Generated Code Risks: Review Before You Run
History and sharing
MCP-Connected AI Assistants Chat History and Shared Links: Privacy Check
Accidental oversharing
MCP-Connected AI Assistants Sensitive Data: What Not to Paste
Autonomous actions
MCP-Connected AI Assistants Autonomous Actions: Approval Safety Guide