Skip to content

Add MCP client security requirements for local server installation #980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jmanico merged 5 commits into from
Jun 19, 2026
+3 −2
Merged

Add MCP client security requirements for local server installation #980

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a24f90e
docs: Minor changes to the wording of the MCP Security chapter
Jun 19, 2026
1d57826
docs: Add MCP client security requirements for local server installation
Jun 19, 2026
eab257b
Fix formatting in MCP Security document
zbraiterman Jun 19, 2026
cbe1fb0
Merge branch 'OWASP:main' into mcp-security
zbraiterman Jun 19, 2026
cb3cbae
Fix formatting in MCP Security validation table
zbraiterman Jun 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions 1.0/en/0x10-C10-MCP-Security.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Control Objective

Ensure secure discovery, authentication, authorization, transport, and use of MCP-based tool and resource integrations to prevent context confusion, unauthorized tool invocation, or cross-tenant data exposure. This chapter covers MCP protocol-specific controls.
Ensure secure discovery, authentication, authorization, transport, and use of MCP-based tool and resource integrations to prevent context confusion, unauthorized tool invocation, or cross-tenant data exposure. This chapter covers MCP-specific controls.

---

Expand Down Expand Up @@ -46,13 +46,14 @@ Ensure secure discovery, authentication, authorization, transport, and use of MC

| # | Description | Level |
| :--: | --- | :---: |
| **10.4.1** | **Verify that** MCP tools/list and tool responses are validated via a prompt injection guardrail system to prevent indirect prompt injection. | 1 |
| **10.4.2** | **Verify that** MCP tools/list and tool responses are schema validated before being injected into the model context. | 1 |
| **10.4.1** | **Verify that** MCP tools/list requests and tool responses are validated via a prompt injection guardrail system to prevent indirect prompt injection. | 1 |
| **10.4.2** | **Verify that** MCP tools/list requests and tool responses are schema validated before being injected into the model context. | 1 |
| **10.4.3** | **Verify that** MCP servers reject unrecognized or oversized parameters in function calls. | 1 |
| **10.4.4** | **Verify that** all MCP servers enforce strict schema validation. | 2 |
| **10.4.5** | **Verify that** all MCP transports enforce maximum payload size limits. | 2 |
| **10.4.6** | **Verify that** MCP servers sign tool responses with a unique nonce and timestamp so MCP clients can avoid replay attacks. | 2 |
| **10.4.7** | **Verify that** MCP clients maintain a snapshot of tool definitions and that any change to a tool definition triggers re-approval before the modified tool can be invoked. | 3 |
| **10.4.8** | **Verify that** MCP clients present users with explicit consent dialogue and cancellation options upon installation of a local MCP server. | 2 |

---

Expand Down
Loading