MCP Toolchain Vulnerabilities
The Integration Layer Is the Attack Surface
OX Security disclosed critical vulnerabilities across Model Context Protocol server implementations on May 12, 2026. MCP servers bridge AI agents to APIs, local services, files, and operational systems — and that integration layer is now the primary attack surface. Two CVEs affect toolchains with over 140,000 GitHub stars and an ecosystem reaching approximately 150 million downloads. Attackers can achieve remote code execution, API key theft, and lateral movement across clusters and cloud systems.
"The integration layer is not a secondary concern. It is the attack surface."
— OX Security