Techly NewsGet the app

Get the latest tech news

GitHub MCP exploited: Accessing private repositories via MCP


We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security analyzer for detecting toxic agent flows.

It is highly relevant to raise awareness about this issue at this time, as the industry is racing to deploy coding agents and IDEs widely, potentially exposing users to similar attacks on critical software development tools. The recently introduced proxy mode in MCP-scan significantly simplifies this process by enabling real-time security scanning of MCP connections without requiring modifications to your existing agent infrastructure. Implementing comprehensive monitoring also creates an audit trail that helps identify potential vulnerabilities, detect exploitation attempts, and ensure your agent systems remain protected against emerging attacks.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of mcp

mcp

Photo of GitHub MCP

GitHub MCP

Photo of private repositories

private repositories

Related news:

News photo

Claude 4 and GitHub MCP will leak your private GitHub repositories

News photo

Trading with Claude, and writing your own MCP server

News photo

MCP Will Be Built Into Windows To Make an 'Agentic OS' - Bringing Security Concerns

« New DSL "MassQL" lets scientists query mass spectrometry data
BlackRock Issues Bitcoin Warning, Says BTC Source Code Could Be Rendered ‘Flawed or Ineffective’ by Quantum Computing »