2. Privilege Escalation

MCP Servers are often deployed quickly in test environments, sometimes running as root or with overly permissive privileges. If such a server is compromised, the attacker can escalate to:

  • System compromise: Full access to host OS.
  • Credential theft: Access to API keys, secrets, or tokens.
  • Container escape: Moving out of Docker/VM environments into the host.

Risk: Once root access is gained, every connected tool, database, or security platform may be exposed.

Mitigation:

  • Always run MCP processes as non-root users.
  • Use containers or sandboxes with strict capability drops.
  • Apply resource limits (cgroups, namespaces) to minimize blast radius.
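The three mitigations above, shown as an added docker-compose example (not from the original page or any MCP project): a permissive test-style service definition beside a hardened one. The image name, port, user id and secret path are placeholders.

```yaml
# Added example: hypothetical MCP server deployed two ways via docker-compose.
services:
  # Weak: the "quick test deployment" shape the text warns about.
  mcp-server-weak:
    image: example/mcp-server:latest        # placeholder image
    user: root                               # runs as root inside the container
    privileged: true                         # all host capabilities, no isolation
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock  # host control plane exposed
    environment:
      MCP_API_KEY: "sk-placeholder"          # secret in plain environment

  # Hardened: non-root, capabilities dropped, resource-limited.
  mcp-server:
    image: example/mcp-server:latest        # placeholder image
    user: "10001:10001"                      # unprivileged uid:gid
    cap_drop:
      - ALL                                  # drop every Linux capability
    security_opt:
      - no-new-privileges:true               # block setuid/setgid escalation
    read_only: true                          # immutable root filesystem
    tmpfs:
      - /tmp:size=64m,noexec,nosuid          # scratch space, non-executable
    pids_limit: 128                          # cgroup pids limit (fork bombs)
    mem_limit: 512m                          # cgroup memory limit
    cpus: 0.5                                # cgroup CPU quota
    ports:
      - "127.0.0.1:8080:8080"                # bind to loopback only (placeholder port)
    environment:
      MCP_API_KEY_FILE: /run/secrets/mcp_api_key   # hypothetical file-based config
    secrets:
      - mcp_api_key

secrets:
  mcp_api_key:
    file: ./secrets/mcp_api_key              # placeholder path, kept out of the image
```

With `cap_drop: ALL`, add back individual capabilities with `cap_add` only if the server demonstrably needs them.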
