## MCP Protocol Security Gap: Unchecked Session Enumeration Risk Exposes Cross-User Data Access
A critical security check remains missing from the Model Context Protocol (MCP) vulnerability assessment suite, leaving servers potentially exposed to cross-session data access. The official assessment checklist explicitly flags 'Session enumeration — can you list or access other users' sessions?' as an unchecked item, a significant oversight given the protocol's handling of sensitive session data. While existing probes test for session-ID predictability, unauthenticated session termination, and weak session binding, the core risk of one user accessing another's session context has not been actively tested, creating a blind spot in the security posture of MCP implementations.

The proposed `probeSessionEnumeration` function aims to close this gap by exercising the attack path directly. The probe would first establish two separate, valid sessions (Session A and Session B) via the `initialize` handshake. It would then send a `tools/list` or `resources/list` request (both of which should return session-specific data) using Session A's identifier (the `Mcp-Session-Id` header) but from the network context of Session B. This test directly answers the unchecked question: can a user manipulate session identifiers to enumerate or access data belonging to another active session on the server?

This missing probe leaves a fundamental authorization property untested by the assessment framework. If servers do not properly validate that a session ID is bound to the originating client's connection or context, an attacker could potentially list another user's available tools or resources, leading to data leakage or privilege escalation. The absence of this test means deployed MCP servers may have an unknown vulnerability that existing automated checks cannot detect, placing the security of multi-user MCP environments under unverified risk.

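As an added illustration (not code from the issue or from the MCP assessment suite), the following Python sketch shows the server-side binding that the probe is meant to verify, and the probe itself run against it. It assumes an in-memory session store, that the transport has already authenticated a `principal` (for instance from a bearer token), and constructed sample tool lists for two users; `TOOLS_BY_PRINCIPAL`, `SessionStore`, `handle` and `probe_session_enumeration` are names chosen here.

```python
import hmac, secrets
from dataclasses import dataclass

TOOLS_BY_PRINCIPAL = {"alice": ["read_file"], "bob": ["web_search"]}  # constructed sample data

@dataclass
class Session:
    principal: str    # authenticated client identity the session was created for
    tools: list       # session-specific data that tools/list returns

class SessionStore:
    """In-memory store that binds every Mcp-Session-Id to the principal that created it."""
    def __init__(self) -> None:
        self._sessions: dict = {}

    def create(self, principal: str) -> str:
        sid = secrets.token_urlsafe(32)  # unpredictable, not sequential
        self._sessions[sid] = Session(principal, TOOLS_BY_PRINCIPAL.get(principal, []))
        return sid

    def get_bound(self, session_id: str, principal: str) -> "Session | None":
        s = self._sessions.get(session_id)
        # A real id presented by a different principal is treated exactly like an unknown id.
        if s is None or not hmac.compare_digest(s.principal.encode(), principal.encode()):
            return None
        return s

def handle(store: SessionStore, principal: str, headers: dict, body: dict) -> dict:
    """Dispatch 'initialize' and 'tools/list'; `principal` is the identity the transport authenticated (assumed: from a bearer token)."""
    req_id, method = body.get("id"), body.get("method")
    if method == "initialize":
        return {"status": 200, "headers": {"Mcp-Session-Id": store.create(principal)},
                "body": {"jsonrpc": "2.0", "id": req_id, "result": {}}}
    session = store.get_bound(headers.get("Mcp-Session-Id", ""), principal)
    if session is None:  # unknown or foreign id gets the same 404, so nothing is revealed
        return {"status": 404, "body": {"jsonrpc": "2.0", "id": req_id,
                                        "error": {"code": -32001, "message": "Session not found"}}}
    return {"status": 200, "body": {"jsonrpc": "2.0", "id": req_id,
                                    "result": {"tools": [{"name": t} for t in session.tools]}}}

def probe_session_enumeration(store: SessionStore) -> dict:
    """The issue's unchecked item: Session A (alice) and B (bob) are opened, then A's Mcp-Session-Id is replayed from bob's context."""
    init = {"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {}}
    sid_a = handle(store, "alice", {}, init)["headers"]["Mcp-Session-Id"]
    handle(store, "bob", {}, init)  # Session B is established but only A's id is replayed
    lst = {"jsonrpc": "2.0", "id": 2, "method": "tools/list"}
    own = handle(store, "alice", {"Mcp-Session-Id": sid_a}, lst)["status"]
    cross = handle(store, "bob", {"Mcp-Session-Id": sid_a}, lst)["status"]
    return {"own_session": own, "cross_session": cross, "bound": own == 200 and cross == 404}
```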
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cybersecurity, protocol_vulnerability, session_management, authorization, data_leakage
- **Credibility**: unverified
- **Published**: 2026-03-31 00:26:54
- **ID**: 42047
- **URL**: https://whisperx.ai/en/intel/42047