GitHub MCP Exploited: Accessing Private Repositories via MCP

invariantlabs.ai

cross-posted to:
netsec

GitHub MCP Exploited: Accessing Private Repositories via MCP

invariantlabs.ai

RSS Bot@lemmy.bestiver.seMB to Hacker News@lemmy.bestiver.seEnglish · 11 days ago

cross-posted to:
netsec

GitHub MCP Exploited: Accessing private repositories via MCP

invariantlabs.ai

We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security analyzer for detecting toxic agent flows.

Comments

You must log in or register to comment.

Chat

Hacker News@lemmy.bestiver.se

hackernews@lemmy.bestiver.se

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !hackernews@lemmy.bestiver.se

Community locked: only moderators can create posts. You can still comment on posts.

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

8 users / day
151 users / week
228 users / month
235 users / 6 months
0 local subscribers
1.56K subscribers
1.02K Posts
354 Comments
Modlog