Detections
Analytics
MCP Server Prompt Injection
high Web App Scanning Plugin ID 114928
Language:
Synopsis
MCP Server Prompt InjectionDescription
Model Context Protocol (MCP) Server Prompt Injection occurs when malicious actors use tools response to inject malicious prompts to the calling LLM through the MCP client. This can lead to the execution of unauthorized commands, data corruption, or the deployment of malicious tools. Such vulnerabilities are particularly dangerous in AI development environments, where malicious tools can compromise the integrity of the development process and lead to further exploitation. This detection is included in the AI and LLM category.Solution
Review MCP server tools behaviour to ensure that they do not return malicious configurations or commands. Implement strict validation and sanitization of tool metadata to prevent the execution of unauthorized commands or sensitive action. Regularly audit MCP server configurations and tools to detect and mitigate potential injection attempts.See Also
https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks
https://www.tenable.com/blog/mcp-prompt-injection-not-just-for-evil
Plugin Details
Severity: High
ID: 114928
Type: remote
Family: Artificial Intelligence
Published: 7/31/2025
Updated: 7/31/2025
Scan Template: api, basic, full, mcp, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: Tenable
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score Source: Tenable
CVSS v4
Risk Factor: High
Base Score: 7.5
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score Source: Tenable
Reference Information
CWE: 840