What are the most common MCP security risks?

Based on 15,923 rated MCP servers

The most common security risk across 15,923 scanned MCP servers is missing sandbox configuration, affecting 64% of servers (10,197 out of 15,923). Other frequent issues include credential/token leakage (4.8%), Server-Side Request Forgery (SSRF) (2.2%), child process injection (1.7%), missing input validation (1.6%), and path traversal vulnerabilities (1.5%). Beyond specific code flaws, our research has identified systemic problems: 97% of MCP tools don't tell AI agents when to use them, and 89% lack error-handling guidance. Read more in our State of MCP Security 2026 report.