Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
9 articles

#MCP

All CosmicBytez Labs articles tagged #MCP, across news, security advisories, how-to guides, and projects.

  • NewsJul 16, 2026

    2-Click Cursor Exploit Enables Dev Environment Takeover

    DeepJack: two clicks in Cursor IDE silently installs a malicious MCP server with full user privileges, stealing source code and secrets. Unpatched in July 2026.

  • SecurityJul 16, 2026

    CVE-2026-46339: 9Router Unauthenticated Plugin Registration & MCP Command Execution

    A critical CVSS 10 vulnerability in 9Router AI router versions 0.4.30–0.4.36 allows unauthenticated attackers to register custom plugins and execute arbitrary commands via an unprotected MCP bridge endpoint.

  • SecurityJul 3, 2026

    CVE-2026-52830: fast-mcp-telegram Path Traversal Enables Bearer Token Bypass

    A critical path traversal vulnerability in the fast-mcp-telegram Telegram MCP Server allows attackers to bypass Bearer token authentication and read...

  • SecurityMay 17, 2026

    CVE-2026-8719: WordPress AI Engine Plugin Privilege

    A missing WordPress capability check in the AI Engine plugin's MCP OAuth bearer-token path allows any authenticated user to escalate privileges to...

  • SecurityApr 24, 2026

    CVE-2026-6942: radare2-mcp OS Command Injection via Shell

    A critical OS command injection vulnerability in radare2-mcp 1.6.0 and earlier allows remote attackers to execute arbitrary commands by bypassing the...

  • NewsApr 20, 2026

    Anthropic MCP Design Vulnerability Enables RCE, Threatening

    Cybersecurity researchers have discovered a critical by-design weakness in the Model Context Protocol architecture that enables arbitrary command...

  • SecurityMar 17, 2026

    CVE-2025-69902: Critical Command Injection in kubectl-mcp-server

    A critical command injection vulnerability in kubectl-mcp-server allows unauthenticated attackers to execute arbitrary OS commands through unsanitized...

  • ProjectMar 11, 2026

    Claude Code for IT Operations: Building a Multi-Project

    Transform Claude Code from a chatbot into a DevOps co-pilot. Set up CLAUDE.md templates, custom hooks, reusable agents, deployment skills, and MCP server...

  • NewsFeb 17, 2026

    Trojanized MCP Server Deploys StealC Infostealer Targeting

    A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...