New Enterprise-Ready MCP Specification Brings New Security Challenges
Summary
MCP (Model Context Protocol, a standard for connecting AI agents to business tools) is transitioning to an enterprise version on July 28, 2026, with a 12-month deprecation window for older versions. While the new stateless design removes some vulnerabilities, such as session hijacking, it introduces new security risks, including predictable tracking identifiers that could enable workflow hijacking, HTTP header leaks of sensitive data such as API keys, cross-site scripting attacks (XSS, where attackers inject malicious code into web pages) via MCP Apps, and denial-of-service risks (DoS, overwhelming a system to make it unavailable) from long-running tasks.
Original source: https://www.securityweek.com/new-enterprise-ready-mcp-specification-brings-new-security-challenges/
First tracked: June 26, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 82%