
780 points rexpository | 2 comments
coderinsan ◴[] No.44502789[source]
From tramlines.io here - We found a similar exploit in the official Neon DB MCP - https://www.tramlines.io/blog/neon-official-remote-mcp-explo...
replies(1): >>44502917 #
1. simonw ◴[] No.44502917[source]
Hah, yeah that's the exact same vulnerability - looks like Neon's MCP can be set up for read-write access to the database, which is all you need to get all three legs of the lethal trifecta (access to private data, exposure to malicious instructions and the ability to exfiltrate).
replies(1): >>44503534 #
2. coderinsan ◴[] No.44503534[source]
Here's another one we found related to the lethal trifecta problem in AI Email clients like Shortwave that have integrated MCPs - https://www.tramlines.io/blog/why-shortwave-ai-email-with-mc...