Protocol-level attacks

Attacks that exploit the MCP protocol itself — auth bypasses, command injection in the transport layer, token mis-redemption, and poisoned tool metadata. These flaws live below the application; no amount of careful tool design inside an MCP server will save a deployment from a broken protocol boundary.

Hidden Instructions in Tool Descriptions verified
MCP STDIO Command Injection verified
Typosquatting MCP Servers verified
MCPwn — nginx-ui Auth Bypass (CVE-2026-33032) verified
Token Mis-redemption Across MCP Servers verified
Tool Poisoning in MCP Definitions verified