MCP (Model Context Protocol) configuration files allow specific softwares such as IDEs like Cursor to interact with MCP servers. These files may contain sensitive information which could assist an attack to conduct further attacks.

This is an informational notice that the scanner was able to detect an MCP (Model Context Procol) manifest on the target server.

This is an informational notice that the scanner was able to detect a Model Context Protocol (MCP) server available without authentication on the target server. When available, the plugin provides the list of tools, prompts and resources in the attachments.

This is an informational notice that the scanner was able to detect a Model Context Protocol (MCP) HTTP server (using SSE or Streamable-HTTP transport mode) on the target server.

This is an informational notice that the scanner was able to detect an MCP (Model Context Procol) Inspector instance on the target server.

ModelContextProtocol (MCP) servers using SSE (Server-Sent Events) transport mode are prone to DNS rebinding attacks when they do not enforce strict verification of both the 'Origin' and 'Host' headers. This vulnerability allows an attacker to bypass same-origin policies, potentially leading to unauthorized access to sensitive data or actions on behalf of the user in the context of the vulnerable MCP server.

This detection is included in the AI and LLM category.

According to the self-reported version number, the version of MCP Inspector hosted on the remote is affected by a Remote Code Execution vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

This detection is included in the AI and LLM category.

ID	Name	Product	Family	Published	Updated	Severity
114803	MCP Client Configuration File Detected	Web App Scanning	Data Exposure	5/23/2025	5/23/2025	medium
114793	MCP Manifest Detected	Web App Scanning	Artificial Intelligence	5/22/2025	5/22/2025	info
114791	MCP Server Unauthenticated Access	Web App Scanning	Artificial Intelligence	6/11/2025	6/18/2025	info
114790	MCP Server Detected	Web App Scanning	Artificial Intelligence	5/22/2025	6/17/2025	info
114797	MCP Inspector Detected	Web App Scanning	Artificial Intelligence	5/22/2025	5/22/2025	info
114885	MCP Server SSE DNS Rebinding	Web App Scanning	Artificial Intelligence	6/20/2025	7/3/2025	medium
114906	MCP Inspector < 0.14.1 Remote Code Execution	Web App Scanning	Artificial Intelligence	7/4/2025	7/4/2025	critical

Detections

Analytics

Plugins Search

medium

info

info

info

info

medium

critical