Anonymous Intelligence Signal

Trivy Scan Flags High-Severity Vulnerability in Discord-MCP Container Image

The Lab (unverified) | 2026-04-08 07:27:06 | Source: GitHub Issues

A recent automated security scan flagged a high-severity vulnerability in a container image used for Discord integration. The scan of `ghcr.io/anthony-spruyt/discord-mcp:latest`, run on April 8, 2026, reported 11 vulnerabilities in total, one of them rated HIGH. Anyone deploying this image should treat the finding as an open exposure: Trivy matches the package versions inside the image against published advisories, so the result confirms that a vulnerable component is present, while whether the affected code path is reachable depends on how the image is actually deployed.

The HIGH finding is CVE-2026-35568, which affects the `io.modelcontextprotocol.sdk:mcp-core` package at version 0.17.1, a Java dependency bundled in the image. According to the scan results, a fixed version (1.0.0) is available, so remediation means bumping that dependency, rebuilding the image and rescanning it; since the fix crosses from a 0.x release to 1.0.0, the upgrade may carry API changes that need testing. The scan also listed 10 MEDIUM-severity vulnerabilities which, while individually less urgent, add to the image's overall exposure.

The finding was published as a GitHub issue opened by a Trivy scan workflow in the repository, which puts the fix squarely on the maintainer, Anthony Spruyt, and on downstream users to check their own exposure. Organizations running this image in development or production should locate every deployment that pulls `:latest`, pin to a rebuilt image by digest once the patched dependency lands, and confirm with a fresh scan that the CVE no longer appears. The case illustrates why continuous scanning of container images matters: a vulnerable dependency can enter an image through a routine rebuild without any change to the project's own code.
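The scan workflow described above produces a machine-readable report. As an added example (not code from the discord-mcp project or from the Trivy issue), the script below reads Trivy's JSON output, summarizes findings by severity and blocks a deploy when a HIGH or CRITICAL finding has a fix available. The embedded report is a constructed sample shaped like Trivy's JSON schema: the HIGH entry mirrors the finding in the article, and the two MEDIUM entries are placeholders rather than the real findings (the article lists ten).

```python
"""Gate a container deploy on Trivy findings.

Added example, not part of the original page or project. Generate a real
report with:
    trivy image --format json --output trivy.json IMAGE
Trivy can also gate natively with
    trivy image --severity HIGH,CRITICAL --ignore-unfixed --exit-code 1 IMAGE
This script adds a per-severity summary and a list of what blocks the deploy.
"""
import json
import sys
from collections import Counter

# Constructed sample in the shape of Trivy's JSON report. The HIGH entry
# reproduces the finding discussed in the article; the MEDIUM entries are
# placeholders with made-up identifiers, not the scan's actual results.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "ghcr.io/anthony-spruyt/discord-mcp:latest",
    "Results": [
        {
            "Target": "Java",
            "Type": "jar",
            "Vulnerabilities": [
                {
                    "VulnerabilityID": "CVE-2026-35568",
                    "PkgName": "io.modelcontextprotocol.sdk:mcp-core",
                    "InstalledVersion": "0.17.1",
                    "FixedVersion": "1.0.0",
                    "Severity": "HIGH",
                },
                {
                    "VulnerabilityID": "EXAMPLE-MEDIUM-1",  # placeholder
                    "PkgName": "example:lib-a",
                    "InstalledVersion": "1.2.3",
                    "FixedVersion": "1.2.4",
                    "Severity": "MEDIUM",
                },
                {
                    "VulnerabilityID": "EXAMPLE-MEDIUM-2",  # placeholder, no fix yet
                    "PkgName": "example:lib-b",
                    "InstalledVersion": "2.0.0",
                    "FixedVersion": "",
                    "Severity": "MEDIUM",
                },
            ],
        },
        # Trivy omits the Vulnerabilities key for a target with no findings.
        {"Target": "os", "Type": "debian"},
    ],
})


def load_findings(report_text):
    """Flatten every Results[].Vulnerabilities[] entry into one list of dicts."""
    report = json.loads(report_text)
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "installed": vuln["InstalledVersion"],
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln["Severity"],
                "target": result.get("Target", ""),
            })
    return findings


def severity_counts(findings):
    """Counter of findings per severity label (CRITICAL, HIGH, MEDIUM, ...)."""
    return Counter(f["severity"] for f in findings)


def gate(findings, fail_on=("CRITICAL", "HIGH"), require_fix=True):
    """Return the findings that should block a deploy.

    With require_fix=True, unfixable findings are reported but do not block
    (the equivalent of Trivy's --ignore-unfixed); set it to False to block on
    every finding at the listed severities.
    """
    return [
        f for f in findings
        if f["severity"] in fail_on and (f["fixed"] or not require_fix)
    ]


def main(argv):
    # Read a real report from argv[1], or fall back to the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report_text = fh.read()
    else:
        report_text = SAMPLE_REPORT
    findings = load_findings(report_text)
    counts = severity_counts(findings)
    print("findings by severity:", dict(counts))
    blocking = gate(findings)
    for f in blocking:
        print(f"BLOCK {f['id']} {f['pkg']} {f['installed']} -> fix {f['fixed']} ({f['target']})")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a real report with `python gate.py trivy.json`; a non-zero exit code is what a CI step keys on. The `require_fix` switch mirrors the usual policy choice: block only on what you can fix today, but keep unfixable findings visible in the summary so they are re-evaluated on every rebuild.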