Content:
BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked.
We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories.
creds to @marco_milanta
You must log in or register to comment.
It is almost as if connecting private and public channels together using a “do random shit” engine is not a good idea for security.
Maybe I should have just linked the blog post: https://invariantlabs.ai/blog/mcp-github-vulnerability