MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found. April 18, 2026 MCPwn dropped this week. CVE-2026-33032 — CVSS 9.8, actively exploited, 2,600+ instances exposed. Two HTTP requests. No authentication. Full nginx server takeover. Then MCPwnfluence: CVE-2026-27825
ORIGINAL SOURCE →via Dev.to
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Somali terror groups could tighten Hormuz chokehold through Bab-el-Mandeb piracy, experts say
- [CYBER] Latvian national sentenced for ransomware attacks run by former Conti leaders
- [CYBER] Over 5 months: Payment bypass marked OOS, moved to VDP, and downgraded to Medium.
- [CYBER] Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
- [CYBER] Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
- [CYBER] IHC orders removal of YouTuber Rajab Butt's name from Passport Control List