Browse all 19 CVE security advisories affecting modelcontextprotocol. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Modelcontextprotocol serves as an interface for AI model interactions, enabling secure data exchange between applications and language models. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure API endpoints. The protocol's security posture has been challenged by multiple critical flaws, including several that allowed unauthorized access to sensitive data or system compromise. With 19 CVEs documented, the implementation has faced recurring issues around authentication and authorization, highlighting challenges in securing complex AI integrations. While no major public incidents have been widely reported, the volume of reported vulnerabilities indicates ongoing security concerns that require rigorous patch management and secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27735 | mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries — serversCWE-22 | 8.6AI | HighAI | 2026-02-25 |
| CVE-2025-68145 | mcp-server-git has missing path validation when using --repository flag — serversCWE-22 | 9.8AI | CriticalAI | 2025-12-17 |
| CVE-2025-68144 | mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files — serversCWE-88 | 9.1AI | CriticalAI | 2025-12-17 |
| CVE-2025-68143 | mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations — serversCWE-22 | 9.1AI | CriticalAI | 2025-12-17 |
| CVE-2025-53109 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling — serversCWE-59 | 4.3AI | MediumAI | 2025-07-02 |
| CVE-2025-53110 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix — serversCWE-22 | 7.5AI | HighAI | 2025-07-02 |
This page lists every published CVE security advisory associated with modelcontextprotocol. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.