
vulnerable-mcp-servers-lab

by appsecco·256·Score 48

A collection of intentionally vulnerable MCP servers for security training and research into common attack vectors.

Tags: security, ai-llm, developer-tools
Forks: 47
Open issues: 1
Last commit: 5 mo ago
Indexed: 2d ago

Overview

This repository provides intentionally vulnerable MCP server implementations designed for security research and training. Each server demonstrates a different class of weakness, such as path traversal, code injection, prompt injection, supply chain risks, and sensitive data exposure. Each server ships with documentation explaining its vulnerability and how to exploit it, which makes the lab useful for security professionals researching AI system security and for pentesters specializing in AI applications. The project is actively maintained by Appsecco, a cybersecurity company specializing in AI security testing.


When to choose this

Security researchers and penetration testers who need practical, hands-on experience with MCP server vulnerabilities and attack vectors.

When NOT to choose this

Production environments or systems handling sensitive data, as these servers contain deliberate vulnerabilities that could be exploited.

Comparable tools

mcp-security-demo, ai-pentesting-lab, ethical-hacking-platforms

Installation

Each vulnerable server lives in its own directory with specific installation instructions. To use:

  1. Clone the repository: git clone https://github.com/appsecco/vulnerable-mcp-servers-lab.git
  2. Navigate to the specific vulnerable server directory (e.g., cd vulnerable-mcp-server-filesystem-workspace-actions)
  3. Follow the README instructions in that directory

For Claude Desktop integration, many servers include a claude_config.json snippet to merge into your Claude Desktop configuration under its mcpServers key. Two cautions: Claude Desktop does not launch the command from the server's directory, so a relative entry point such as index.js should be replaced with the absolute path to that server's script; and the entry should only ever be added to a Claude Desktop install running inside the disposable VM or container you use for the lab, and removed when the session is over. For example:

{
  "mcpServers": {
    "vulnerable-filesystem": {
      "command": "node",
      "args": ["index.js"]
    }
  }
}
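The steps above (clone, change into a server directory, merge its snippet into the Claude Desktop config) are easy to get subtly wrong by hand: a relative index.js path silently fails to start, and an entry copied into a daily-driver config is a deliberately vulnerable server left reachable by the assistant. The following script is an added example written for this page, not code from the vulnerable-mcp-servers-lab repository. It assumes only the config shape shown above (a top-level mcpServers map) and that a server's snippet lives at <server_dir>/claude_config.json; the "lab-" name prefix, the server_dir argument, and the sample configs are constructed for the example.

```python
"""Merge a lab server's claude_config.json snippet into a Claude Desktop config.

Added example, not code from the vulnerable-mcp-servers-lab repository. It assumes
only the config shape shown on the page (a top-level "mcpServers" map); the "lab-"
name prefix and the server_dir argument are choices of this example.

usage: merge_lab_config.py <claude_desktop_config.json> <server_dir> [--remove]
"""
import json
import os
import sys

LAB_PREFIX = "lab-"  # marks every intentionally vulnerable entry so it can be removed later

# Constructed sample inputs: an existing user config and the snippet from the page.
EXISTING_CONFIG = {"mcpServers": {"notes": {"command": "notes-mcp", "args": []}}}
SNIPPET = {"mcpServers": {"vulnerable-filesystem": {"command": "node", "args": ["index.js"]}}}


def _looks_like_path(arg):
    """Heuristic: flags, absolute paths and bare numbers are left alone; anything with a
    separator or a file extension is treated as a script path relative to the server dir."""
    if arg.startswith("-") or os.path.isabs(arg):
        return False
    return os.sep in arg or "/" in arg or bool(os.path.splitext(arg)[1])


def resolve_args(args, server_dir):
    """Rewrite relative script paths against server_dir, because Claude Desktop
    launches `command` from its own working directory, not the repository."""
    return [os.path.normpath(os.path.join(server_dir, a)) if _looks_like_path(a) else a
            for a in args]


def merge_snippet(existing, snippet, server_dir, prefix=LAB_PREFIX):
    """Return a new config with the snippet's servers added under prefixed names.
    Refuses to overwrite an entry that is already present."""
    merged = json.loads(json.dumps(existing))  # deep copy; never mutate the caller's dict
    servers = merged.setdefault("mcpServers", {})
    for name, spec in snippet.get("mcpServers", {}).items():
        key = prefix + name
        if key in servers:
            raise ValueError(f"refusing to overwrite existing server {key!r}")
        entry = dict(spec)
        entry["args"] = resolve_args(entry.get("args", []), server_dir)
        servers[key] = entry
    return merged


def remove_lab_servers(config, prefix=LAB_PREFIX):
    """Strip every prefixed entry: run this when the lab session is over."""
    cleaned = json.loads(json.dumps(config))
    servers = cleaned.get("mcpServers", {})
    for key in [k for k in servers if k.startswith(prefix)]:
        del servers[key]
    return cleaned


def main(argv):
    if len(argv) < 3:
        print(__doc__)
        return 2
    config_path, server_dir = argv[1], os.path.abspath(argv[2])
    with open(config_path) as fh:
        config = json.load(fh)
    if "--remove" in argv:
        updated = remove_lab_servers(config)
    else:
        with open(os.path.join(server_dir, "claude_config.json")) as fh:
            updated = merge_snippet(config, json.load(fh), server_dir)
    with open(config_path, "w") as fh:
        json.dump(updated, fh, indent=2)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The prefix is the important design choice: every entry the script adds is named lab-<server>, so the vulnerable servers are visible at a glance in the config and `--remove` can strip exactly those entries afterwards without touching anything else. The collision check means running the merge twice, or against a name you already use, fails loudly instead of quietly replacing a trusted server with a vulnerable one.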

FAQ

Are these servers safe to use?
No, these servers are intentionally vulnerable and should only be used in controlled lab environments with disposable VMs or containers.
What kinds of vulnerabilities do these servers demonstrate?
The servers demonstrate various security issues including path traversal, code injection, prompt injection, supply chain attacks, and sensitive data exposure.


Last updated · Auto-generated from public README + GitHub signals.