{"uuid": "a553d764-9c2d-4da4-8791-936cc75ad94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33032", "type": "seen", "source": "https://bsky.app/profile/highview.bsky.social/post/3mlmzkdcz3s2a", "content": "MCP went GA as a cloud primitive last week\n\nCVE-2026-33032 (CVSS 9.8) \u2014 unauthenticated takeover of nginx-UI MCP endpoints. Plus a STDIO transport flaw w/ ~200k servers in scope\n\nYaw Labs mcp-compliance grades any MCP server across 88 tests\n\nghub: YawLabs/mcp-compliance\ntokenlimit.news\n\n#MCP #Claude", "creation_timestamp": "2026-05-12T05:10:10.727932Z"}