
research: MCP protocol security vulnerabilities + MCPSec backward-compatible extension (arXiv:2601.17549) #2217

@bug-ops

Source

arXiv:2601.17549 — Breaking the Protocol: Security Analysis of the Model Context Protocol Specification and Prompt Injection Vulnerabilities in Tool-Integrated LLM Agents (Jan 2026)

Summary

First formal security analysis of MCP, identifying 3 architectural vulnerabilities with 23–41% higher attack success rates vs. non-MCP integrations. Proposes MCPSec, a backward-compatible extension cutting successful attacks from 52.8% to 12.4% with 8.3ms median overhead.

Vulnerabilities Affecting Zeph

  1. Missing capability attestation — Zeph registers MCP tools without verifying server-claimed capabilities
  2. Unauthenticated bidirectional sampling — rmcp supports bidirectional sampling without message authentication
  3. Implicit multi-server trust propagation — multiple MCP servers are chained without trust isolation
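To make items 1 and 3 concrete, here is an added example that is not Zeph or rmcp code and not taken from the paper: a minimal Rust tool registry that accepts a tool only if the operator's pinned capability manifest for that server lists it (the server's own tools/list response is never trusted on its own), rejects tool-name shadowing across servers, and applies a per-server trust ordering so that output of a lower-trust server's tool cannot be fed into a higher-trust server's tool. The TrustLevel enum, the manifest shape, the "downhill only" flow policy and the server and tool names are assumptions. Item 2 (authenticating sampling messages) needs a MAC or signature at the transport layer and is not covered here.

```rust
// Added example, not Zeph or rmcp code. Models two of the three gaps above:
// (1) capability attestation: a tool is accepted only if the operator-pinned
//     manifest for its server lists it; the server's self-description is not trusted.
// (3) trust isolation: tool output may only flow "downhill" between servers.
// Server names, tool names, the manifest shape and the flow policy are assumptions.
use std::collections::HashMap;

/// Per-server trust level; the derived ordering is Untrusted < Verified < Trusted.
/// Stands in for a McpTrustLevel-style setting (assumed, not the project's real type).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum TrustLevel {
    Untrusted,
    Verified,
    Trusted,
}

/// Operator-pinned attestation for one server: its trust level and the exact tool
/// names it may advertise. In production this would be signed or fetched out of band.
pub struct PinnedManifest {
    pub server: &'static str,
    pub trust: TrustLevel,
    pub allowed_tools: &'static [&'static str],
}

/// One entry from a server's tools/list response (constructed; not an rmcp type).
pub struct AdvertisedTool {
    pub server: &'static str,
    pub name: &'static str,
}

#[derive(Debug, PartialEq, Eq)]
pub enum RegisterError {
    /// No pinned manifest for this server: refuse rather than trust its claims.
    UnknownServer(String),
    /// The server advertised a tool its manifest does not attest.
    UnattestedTool { server: String, tool: String },
    /// Two servers claim the same tool name: reject to prevent tool shadowing.
    NameCollision { tool: String, existing: String, incoming: String },
}

/// Registry of accepted tools: tool name -> (owning server, that server's trust).
#[derive(Default)]
pub struct Registry {
    tools: HashMap<String, (String, TrustLevel)>,
}

impl Registry {
    /// Validate a whole batch first, then commit; a failed batch changes nothing.
    /// Returns the number of newly registered tools.
    pub fn register(
        &mut self,
        manifests: &[PinnedManifest],
        advertised: &[AdvertisedTool],
    ) -> Result<usize, RegisterError> {
        let by_server: HashMap<&str, &PinnedManifest> =
            manifests.iter().map(|m| (m.server, m)).collect();
        let mut pending: Vec<(String, String, TrustLevel)> = Vec::new();
        for t in advertised {
            let manifest = by_server
                .get(t.server)
                .ok_or_else(|| RegisterError::UnknownServer(t.server.to_string()))?;
            if !manifest.allowed_tools.contains(&t.name) {
                return Err(RegisterError::UnattestedTool {
                    server: t.server.to_string(),
                    tool: t.name.to_string(),
                });
            }
            // Current owner of this tool name, if any (already registered or earlier in batch).
            let owner = self
                .tools
                .get(t.name)
                .map(|(s, _)| s.as_str())
                .or_else(|| pending.iter().find(|(n, _, _)| n == t.name).map(|(_, s, _)| s.as_str()));
            if let Some(existing) = owner {
                if existing != t.server {
                    return Err(RegisterError::NameCollision {
                        tool: t.name.to_string(),
                        existing: existing.to_string(),
                        incoming: t.server.to_string(),
                    });
                }
                continue; // same server re-advertising the same tool: idempotent
            }
            pending.push((t.name.to_string(), t.server.to_string(), manifest.trust));
        }
        let added = pending.len();
        for (name, server, trust) in pending {
            self.tools.insert(name, (server, trust));
        }
        Ok(added)
    }

    /// Trust isolation policy (assumed): output of `from_tool` may be used as input
    /// to `to_tool` only within one server or when the source server is at least as
    /// trusted as the destination. Unknown tools on either side are denied.
    pub fn may_flow(&self, from_tool: &str, to_tool: &str) -> bool {
        match (self.tools.get(from_tool), self.tools.get(to_tool)) {
            (Some((from_srv, from_trust)), Some((to_srv, to_trust))) => {
                from_srv == to_srv || from_trust >= to_trust
            }
            _ => false,
        }
    }
}

fn main() {
    // Constructed sample: a trusted filesystem server and an untrusted web server.
    let manifests = [
        PinnedManifest { server: "fs", trust: TrustLevel::Trusted, allowed_tools: &["read_file", "write_file"] },
        PinnedManifest { server: "web", trust: TrustLevel::Untrusted, allowed_tools: &["fetch_url"] },
    ];
    let mut reg = Registry::default();
    println!("{:?}", reg.register(&manifests, &[
        AdvertisedTool { server: "fs", name: "read_file" },
        AdvertisedTool { server: "web", name: "fetch_url" },
    ]));
    println!("web output into fs tool allowed? {}", reg.may_flow("fetch_url", "read_file"));
}
```

The batch-then-commit shape matters: if a server's list contains one unattested tool, none of its tools are admitted and the registry is left as it was, so a partially poisoned tools/list response cannot slip a subset through.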

MCPSec Proposals (Implementable)

Relation to Open Issues

Provides the threat model and protocol-level design for completing issue #2178 (MCP security hardening). Combined with PR #2213 (McpTrustLevel, tool_allowlist), this paper defines what's still missing.

Complexity

Medium — capability attestation is a schema addition; message auth requires rmcp transport-layer changes.

Labels

  - P2: High value, medium complexity
  - research: Research-driven improvement
  - security: Security-related issue
  - tools: Tool execution and MCP integration
