1. MCP Protocol Security Gap: Unchecked Session Enumeration Risk Exposes Cross-User Data Access
A critical security check remains missing from the Model Context Protocol (MCP) vulnerability assessment suite, leaving servers potentially exposed to cross-session data access. The official assessment checklist explicitly flags 'Session enumeration — can you list or access other users' sessions?' as an unchecked item,...