Hundreds of MCP Servers Vulnerable to Remote Code Execution and Data Exposure


A growing number of Model Context Protocol (MCP) servers, the components used to connect AI systems to external tools and data, have been identified as misconfigured and vulnerable to significant security threats. Recent research reveals that hundreds of these systems may expose users to data breaches and remote code execution (RCE) attacks.

An analysis conducted by Backslash Security highlighted that these servers, initially introduced in late 2024, have become integral to many organizations’ AI infrastructure, with over 15,000 in use globally. Unfortunately, the rapid adoption of MCP servers has outpaced the implementation of proper security protocols.

James Sherlow, the systems engineering director for EMEA at Cequence Security, commented on the situation, stating, “It’s like the arms race as to how many APIs can I enable to be accessible via AI to give an immediate uplift in functionality.” He emphasized that MCPs serve as proxies and could unintentionally obscure the client’s identity.

The assessment analyzed more than 7,000 MCP servers available on the public web. Of these, a significant number were found to be accessible to anyone within the same local network due to a vulnerability known as “NeighborJack.” Additionally, around 70 servers exhibited severe issues, including improper input handling and excessive permissions. In multiple instances, both vulnerabilities were present, potentially allowing attackers full control over the host machine.

The research also pointed out that MCPs could be exploited in context poisoning attacks, where the foundational data for large language models (LLMs) can be manipulated, resulting in corrupted outputs. Although no malicious MCPs were discovered during the assessment, many were left unprotected due to improper configurations or a lack of authentication measures.

To mitigate these rising threats, Backslash Security has launched the MCP Server Security Hub, a searchable database that evaluates the security status of over 7,000 MCP servers. They also offer a free self-assessment tool designed to audit “vibe coding” environments.

To enhance defenses against these threats, Backslash Security recommends implementing several key precautions:

  • Bind servers to the loopback interface (127.0.0.1) only, rather than to every network interface
  • Validate all external inputs
  • Restrict file system access to essential directories
  • Prevent the exposure of internal logs or sensitive information in AI responses
  • Enforce strict authentication and access controls
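As an added illustration of the first, third and fifth recommendations above (example code, not Backslash Security's tool or any MCP implementation), the following start-up checks flag a server that listens on all interfaces, confine tool file access to an allow-list of directories, and report a missing credential. The config dictionary and its keys (`host`, `allowed_roots`, `auth_token`) are assumptions for the example.

```python
"""Hypothetical pre-flight checks for an MCP server configuration (added example)."""
import ipaddress
from pathlib import Path
from typing import List, Optional


def bind_is_loopback(host: str) -> bool:
    """True only for loopback binds; anything else is reachable from the LAN
    (the condition the article calls "NeighborJack")."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames or junk: treat as not safe


def confine_path(requested: str, allowed_roots: List[str]) -> Optional[Path]:
    """Resolve a tool-supplied path and return it only if it stays inside
    one of allowed_roots; '..' and symlink escapes resolve to None."""
    target = Path(requested).resolve(strict=False)
    for root in allowed_roots:
        root_path = Path(root).resolve(strict=False)
        try:
            target.relative_to(root_path)
            return target
        except ValueError:
            continue
    return None


def audit_config(config: dict) -> List[str]:
    """Return human-readable findings; an empty list means the three checks pass."""
    findings = []
    host = config.get("host", "0.0.0.0")  # assumed default: many servers bind wide open
    if not bind_is_loopback(host):
        findings.append(f"server bound to {host!r}: reachable from the local network")
    if not config.get("allowed_roots"):
        findings.append("no allowed_roots set: tools may read or write the whole filesystem")
    if not config.get("auth_token"):
        findings.append("no auth_token configured: unauthenticated access")
    return findings


if __name__ == "__main__":
    # Constructed sample: a weak configuration beside a corrected one.
    print(audit_config({"host": "0.0.0.0"}))
    print(audit_config({"host": "127.0.0.1", "allowed_roots": ["/srv/mcp/data"], "auth_token": "example"}))
```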

Without clear standards and improved protective measures, the rapid proliferation of MCP servers may continue to introduce concealed risks to AI environments.