We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here’s how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/10/from-path-traversal-to-supply-chain-compromise-breaking-mcp-server-hosting/
