INCIDENT
MCP - Tweet reports a security vulnerability in Stripe's MCP
Tweet reports a security vulnerability in Stripe's MCP server with a detailed code review and a 3.5/5 rating.
Updated: 3/20/2026
Severity: critical
Status: active
Description
Stripe's MCP server has 595K downloads and an unguarded JSON.parse on line 48 that will crash your agent loop. I read every .ts and .py file. Five findings, all verified at exact line numbers. 3.5/5. @stripe Full review: https://t.co/UA5HUsJGkQ
Attack Vectors
- security auditing