Skip to content

protect against attacks from MCP server URLs #526

New issue
New issue
Closed
#712
Closed
protect against attacks from MCP server URLs#526
#712
Assignees
findleyr
Labels
help wantedGood candidate for contribution. Comment first to say you're working on it.
Milestone
v1.2.0
@jba

Description

@jba
jba
opened on Sep 25, 2025

https://verialabs.com/blog/from-mcp-to-shell documents some attacks that arise from trusting the authentication URLs served by MCP servers.
We should fix this along the lines of modelcontextprotocol/typescript-sdk#877, by preventing certain URL schemes.

Metadata

Metadata

Assignees

Labels

help wantedGood candidate for contribution. Comment first to say you're working on it.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions