Between January and April 2026, researchers disclosed over 40 CVEs against Model Context Protocol implementations across Python, TypeScript, Java, and Rust SDKs. The vulnerabilities affect Anthropic's reference servers, third-party tools with 150 million combined downloads, and 9 of 11 MCP marketplaces.

This post is cross-published from agentlair.dev.

Timeline of Vulnerabilities

2025 Incidents:

April: WhatsApp tool poisoning attack
May: GitHub MCP prompt injection
June: Asana cross-tenant exposure; CVE-2025-49596 (CVSS 9.4)
July: CVE-2025-6514 (437,000+ downloads affected, CVSS 9.6)
August: Filesystem sandbox escape
September: Postmark supply chain attack
October: Smithery path traversal

2026 Escalation:

January–February saw 30+ CVEs filed in 60 days. January 20 marked three vulnerabilities in Anthropic's mcp-server-git reference implementation. April's Ox Security advisory detailed 10 high/critical CVEs, with 200,000 vulnerable servers estimated.…