MCPSafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.


© 2026 MCPSafe. All rights reserved.


Threat Catalog

The MCP Security Threat Catalog

Every detection rule MCPSafe ships. Each entry maps to a CWE and a severity tier, and links to a page with explanation and detection notes. Paste an MCP server on the scan page to run the whole catalog against it.

91 rules · Last updated 2026-05-13T21:12:53Z

Rule ID | Name | Description | Severity | CWE | Scan type
MCP-272 | cross-tool-covert-invocation | Closes the Unit42 "Covert Tool Invocation" attack class. A tool's | MEDIUM | CWE-94 | Deep
MCP-273 | cors-wildcard-with-credentials | Closes the CORS-misconfiguration honourable mention from the | MEDIUM | CWE-942 | Fast
MCP-274 | dns-rebinding-host-validation-missing | Closes a CVE-2025 class of DNS-rebinding attacks against localhost | HIGH | CWE-350 | Deep
MCP-275 | oauth-metadata-into-spawn | Closes the CVE-2025-6514 (mcp-remote) class of OS-command injection | HIGH | CWE-78 | Deep
MCP-276 | tool-spawn-with-tainted-arg | Closes the CVE-2026-5058 (aws-mcp-server) / CVE-2026-23744 (MCPJam) | HIGH | CWE-78 | Deep
MCP-277 | prm-endpoint-missing | Closes the June 2025 MCP Authorization Specification gap: MCP servers | HIGH | CWE-1390 | Deep
MCP-278 | pkce-plain-method | Closes the OAuth 2.1 / MCP Authorization Specification PKCE | HIGH | CWE-757 | Deep
MCP-279 | resource-indicator-missing | Closes the RFC 8707 / MCP Authorization Specification "Resource | HIGH | CWE-345 | Deep
MCP-280 | elicitation-requests-credentials | Closes the MCP Elicitation Specification "MUST NOT request | HIGH | CWE-522 | Deep
MCP-281 | elicitation-no-rate-limit | Closes the MCP elicitation spec rate-limit SHOULD requirement. | MEDIUM | CWE-799 | Deep
MCP-282 | system-prompt-leakage | Closes the OWASP LLM07 (System Prompt Leakage) gap. Fires when an | MEDIUM | CWE-200 | Deep
MCP-283 | auth-without-invocation-log | Closes the OWASP MCP Top 10:2025 MCP08 (Lack of Audit and Telemetry) | MEDIUM | CWE-778 | Fast
MCP-284 | destructive-tool-no-audit-event | Closes the OWASP MCP Top 10:2025 MCP08 (Lack of Audit and Telemetry) | MEDIUM | CWE-778 | Fast
MCP-285 | context-overshare | Closes the OWASP MCP Top 10:2025 MCP10 (Context Injection & | MEDIUM | CWE-668 | Fast
MCP-300 | cascade-prompt-injection | Detects MCP tool handlers that receive unsanitized user input and pass it | HIGH | CWE-94 | Fast
MCP-306 | secrets-in-request-logs | Detects logging of sensitive request data (Authorization headers, API keys, | HIGH | CWE-532 | Fast

Showing 76–91 of 91 rules


Scan a server for these issues

MCPSafe detects every issue in this catalog automatically. Paste an MCP server’s GitHub URL or package name on the scan page.
