GitHub MCP Exploited: Accessing private repositories via MCP

Sheldon_Cooper · May 30, 2025, 7:59am

Link GitHub MCP Exploited: Accessing private repositories via MCP

T1000 · May 31, 2025, 5:59am

As they say in the aricle this is not a bug but an architectural design issue.

I a user uses an MCP integration without finer grained control of access e.g. Access specific repo only then everything using that users access is accesible.

This applies to all MCPs that access mixed sensitive and public context.

Like:

email sending MCPs: malicious payload can send to unwanted recipients (next wave of spam mailing tools)
CRM and marketing solutions: exfiltration of sensitive contact info
calendar: can send sensitive data in notification to URL from malicious payload
email: can read private emails or send email
ERP: can extract sensitive company info
search: can expose users personal queries
browser: can send users sensitive info (CLI access in regular terminal) to remote controlled data collection servers (infected by hackers to evade tracking or shutdown)

etc..

Topic		Replies	Views
Enhance MCP and Native Tool Security Feature Requests	2	232	April 29, 2025
Indexing Private Repos Discussions	3	261	April 18, 2025
MCP under win11 How To	1	84	April 22, 2025
Github MCP error Bug Reports	1	282	May 4, 2025
Are MCPs really useful? How To	5	1379	March 7, 2025

GitHub MCP Exploited: Accessing private repositories via MCP

Related topics