Security research, vulnerability analysis, and guides.
A tool that sends email was annotated read-only. That annotation decides whether your MCP client asks for confirmation. It's an advisory hint, not a security boundary — and the gap between those two facts is exploitable.
Most MCP servers ship with no input validation. A few have exploitable vulnerabilities. The real risk is in how tools combine.
CVE-2026-25253 revealed a 1-click RCE in OpenClaw. We analyzed the attack chain and found a pattern that goes beyond this single vulnerability — attackers disabling safety controls before exploitation.