Official MCP servers ship known-vulnerable dependencies at install time (bindfort.com)

🤖 AI Summary
A recent scan found that all official Model Context Protocol (MCP) servers were shipping a known-vulnerable version of the @modelcontextprotocol/sdk package (1.0.1), which carries two high-severity vulnerabilities affecting AI agents and the infrastructure around them: a Regular Expression Denial of Service (ReDoS) that can make a server unresponsive, and a DNS rebinding flaw that could let an attacker take control of an agent running locally. Crucially, standard Software Composition Analysis (SCA) tools missed these vulnerabilities because they assessed only the top-level dependencies rather than recursively inspecting the full dependency tree. The finding underscores the supply-chain risk in AI tooling, where a compromised dependency can be used to manipulate the responses agents receive, and the impact grows as AI frameworks increasingly rely on MCP servers to reach tools and data sources. Teams using MCP servers should audit their dependencies and confirm they are on at least @modelcontextprotocol/sdk 1.25.2, where these vulnerabilities are patched. The case shows why dependency scanning must go deeper than the top level to surface hidden risk.
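The gap described above, a scanner that checks only top-level dependencies and misses a nested copy of the sdk, is easy to reproduce against an npm lockfile. The following is an added example, not code from the article or from the MCP project: it walks the `packages` map of a lockfileVersion 3 `package-lock.json` and reports every installed copy of `@modelcontextprotocol/sdk` below 1.25.2, at any depth. The lockfile fragment, the server package version, and the `topLevelOnly` option are constructed for illustration.

```javascript
// Walk an npm lockfile (lockfileVersion 2/3 "packages" map) and flag every
// installed copy of a target package whose version is below a fixed floor,
// including nested copies that a top-level-only scan never sees.
const TARGET = "@modelcontextprotocol/sdk";
const FLOOR = "1.25.2"; // first sdk version the article names as patched

// Constructed lockfile fragment: the top-level sdk is patched, but a server
// package carries its own nested, still-vulnerable copy (versions are sample data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-agent" },
    "node_modules/@modelcontextprotocol/sdk": { version: "1.25.2" },
    "node_modules/@modelcontextprotocol/server-filesystem": { version: "2025.1.1" },
    "node_modules/@modelcontextprotocol/server-filesystem/node_modules/@modelcontextprotocol/sdk":
      { version: "1.0.1" },
  },
};

// Parse the leading major.minor.patch of a version string into numbers.
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version a sorts strictly before version b (pre-release tags ignored).
function versionLessThan(a, b) {
  const [pa, pb] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Returns {path, version, depth} for each copy of `target` below `floor`.
// topLevelOnly mimics the shallow SCA behaviour the article describes.
function findVulnerableCopies(lock, { target = TARGET, floor = FLOOR, topLevelOnly = false } = {}) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root entry, not an installed package
    const name = path.slice(idx + "node_modules/".length); // name after the last node_modules/
    const depth = path.split("node_modules/").length - 1; // 1 = top level, 2+ = nested
    if (name !== target || !entry.version) continue;
    if (topLevelOnly && depth > 1) continue;
    if (versionLessThan(entry.version, floor)) hits.push({ path, version: entry.version, depth });
  }
  return hits;
}

for (const h of findVulnerableCopies(SAMPLE_LOCK))
  console.log(`${h.path} -> ${h.version} (< ${FLOOR}, depth ${h.depth})`);
```

Run against a real lockfile by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))`; a non-empty result at depth 2 or more is exactly the case a top-level-only scan reports as clean.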