Christoffer S.
@nopatience@swecyb.com · 6 days ago

In the words of my dear internet friend @cR0w

... path traversal ( ../ ) vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service.

Go hack some AI shit.

https://blog.gitguardian.com/breaking-mcp-server-hosting/

#Cybersecurity #AI #MCP

GitGuardian Blog - Take Control of Your Secrets Security

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.