## MCP Security Gap: verify-mcp.ts Fails to Probe for Unauthenticated Data Exfiltration via resources/read A critical security verification gap has been identified in the `verify-mcp.ts` tool used to audit Model Context Protocol (MCP) servers. The tool currently probes for unauthenticated access to the `resources/list` endpoint across all transport paths—SSE, Streamable HTTP, and stdio—and flags it as a high-severity finding. However, it does not perform the crucial follow-up step: attempting a `resources/read` call on the URIs discovered through the list. This omission means the tool fails to detect the most severe vulnerability: servers that allow **unauthenticated data exfiltration**, where an attacker can directly read and extract sensitive file contents, database records, or API data. According to the MCP specification, `resources/read` is the operation that returns the actual content of a resource, using a `uri` parameter obtained from a `resources/list` response. A server permitting unauthenticated reads represents a critical-severity vulnerability, a risk strictly worse than merely allowing an unauthenticated listing of available resources. This gap corresponds directly to an open TODO item documented under the `verify-mcp.ts` core verification engine, highlighting a known but unaddressed flaw in the security assessment pipeline. The existing `resources/list` probe infrastructure is already implemented across the three transport paths, as seen in the SSE transport code around line 16 of `src/active/verify-mcp.ts`. The absence of the complementary `resources/read` probe leaves security assessments incomplete, potentially providing a false sense of security by missing the endpoint that enables actual data theft. This oversight necessitates an immediate update to the verification engine to close this exfiltration detection gap. --- - **Source**: GitHub Issues - **Sector**: The Lab - **Tags**: security, vulnerability, MCP, data-exfiltration, audit-tool - **Credibility**: unverified - **Published**: 2026-03-31 08:27:09 - **ID**: 42733 - **URL**: https://whisperx.ai/en/intel/42733