We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
The post From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting appeared first on Security Boulevard.
Gaƫtan Ferry
Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/10/from-path-traversal-to-supply-chain-compromise-breaking-mcp-server-hosting/