Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes it's dev tool but when dev asks for data from DB through MCP it's accidentally running a sql injected by the attacker and reveals information to them.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: