7. Unknown Transitive Dependencies in Tool Chains
MCP tools often rely on CLI tools (nmap, curl) or packages (requests, pycrypto) without visibility into their CVEs.
Tech Detail:
- No SBOM (Software Bill of Materials)
- No dynamic runtime dependency scanner
Exploit Potential:
- curl <7.84 allows command injection
- Python packages with typosquatted names (reqeusts) can silently exfiltrate data
Mitigation:
- Run syft or trivy on tool containers
- Publish signed SBOMs and track transitive CVEs
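
The mitigation above, sketched as an added example (not code from the original page): a small audit over a CycloneDX JSON SBOM, the format syft can emit with `-o cyclonedx-json`, that walks one tool's transitive closure and flags near-miss package names and components below a version floor. The SBOM contents, the allowlist, the 0.85 similarity threshold and the function names are assumptions made for illustration.

```python
import json
from difflib import SequenceMatcher

# Constructed CycloneDX-style SBOM; every name, version and bom-ref is sample data.
SBOM = json.loads("""
{"components": [
  {"bom-ref": "tool", "name": "mcp-scan-tool", "version": "0.1.0"},
  {"bom-ref": "helper", "name": "http-helper", "version": "2.0.1"},
  {"bom-ref": "sq", "name": "reqeusts", "version": "2.31.0"},
  {"bom-ref": "curl", "name": "curl", "version": "7.81.0"}],
 "dependencies": [
  {"ref": "tool", "dependsOn": ["helper", "curl"]},
  {"ref": "helper", "dependsOn": ["sq"]}]}
""")

KNOWN_GOOD = {"requests", "urllib3", "certifi", "curl", "http-helper"}  # assumed allowlist
MIN_VERSION = {"curl": (7, 84)}  # floor from the curl bullet above

def transitive_refs(sbom, root):
    """Every bom-ref reachable from root through dependsOn edges."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    seen, stack = set(), [root]
    while stack:
        new = set(graph.get(stack.pop(), [])) - seen
        seen |= new
        stack.extend(new)
    return seen

def audit(sbom, root, threshold=0.85):
    """Sorted (finding, name, detail) tuples for root's whole dependency closure."""
    by_ref = {c["bom-ref"]: c for c in sbom["components"]}
    findings = []
    for ref in transitive_refs(sbom, root):
        comp = by_ref.get(ref)
        if comp is None:  # an edge points at a component the SBOM never describes
            findings.append(("undeclared", ref, ""))
            continue
        name = comp["name"].lower()
        if name not in KNOWN_GOOD:  # near-miss of an approved name, e.g. swapped letters
            for good in sorted(KNOWN_GOOD):
                if SequenceMatcher(None, name, good).ratio() >= threshold:
                    findings.append(("typosquat?", name, good))
        floor = MIN_VERSION.get(name)
        parts = tuple(int(p) for p in comp.get("version", "").split(".")[:2] if p.isdigit())
        if floor and parts < floor:  # an unparseable version also counts as below the floor
            findings.append(("below-floor", name, comp.get("version", "")))
    return sorted(findings)

print(audit(SBOM, "tool"))
```

Here the typosquatted package is two hops from the tool, so a check limited to direct dependencies would not see it.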