{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:XHFUQAS7XC7HNV3OHJ4UTE2HG6","short_pith_number":"pith:XHFUQAS7","schema_version":"1.0","canonical_sha256":"b9cb48025fb8be76d76e3a794993473797cc7c562d806f0250dee238c49772bc","source":{"kind":"arxiv","id":"2605.21392","version":1},"attestation_state":"computed","paper":{"title":"VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Dakun Shen, Enhao Huang, Pengyu Sun, Qishu Jin, Song Li, Xin Liu, Zifeng Kang","submitted_at":"2026-05-20T16:46:51Z","abstract_excerpt":"Model Context Protocol (MCP) has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can create a direct path from natural-language input to security-sensitive sinks, potentially granting attackers remote code execution or full system compromise. Existing approaches either produce unconfirmed static alerts without dynamic validation, or rely on fixed template libraries that lack code-lev"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.21392","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-20T16:46:51Z","cross_cats_sorted":[],"title_canon_sha256":"04c98b0d91a629d14606062d0693ea291b16a3860667693bb54623f2589ebc75","abstract_canon_sha256":"d185d4d019c4a9b7988c9fd071d7ad7d69bfc19c6b0fd035ae1ac47d9d34f72f"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-21T02:05:32.544201Z","signature_b64":"Bo1bQgJLvq/OeCxp1PJB/V8A32mAA6Lag2+VtPEfcrU/9SrhxiylGd53hs0cH86oBaCu/wKCIBKkeVrb4mvPDQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"b9cb48025fb8be76d76e3a794993473797cc7c562d806f0250dee238c49772bc","last_reissued_at":"2026-05-21T02:05:32.543431Z","signature_status":"signed_v1","first_computed_at":"2026-05-21T02:05:32.543431Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Dakun Shen, Enhao Huang, Pengyu Sun, Qishu Jin, Song Li, Xin Liu, Zifeng Kang","submitted_at":"2026-05-20T16:46:51Z","abstract_excerpt":"Model Context Protocol (MCP) has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can create a direct path from natural-language input to security-sensitive sinks, potentially granting attackers remote code execution or full system compromise. Existing approaches either produce unconfirmed static alerts without dynamic validation, or rely on fixed template libraries that lack code-lev"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.21392","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.21392/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.21392","created_at":"2026-05-21T02:05:32.543559+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.21392v1","created_at":"2026-05-21T02:05:32.543559+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.21392","created_at":"2026-05-21T02:05:32.543559+00:00"},{"alias_kind":"pith_short_12","alias_value":"XHFUQAS7XC7H","created_at":"2026-05-21T02:05:32.543559+00:00"},{"alias_kind":"pith_short_16","alias_value":"XHFUQAS7XC7HNV3O","created_at":"2026-05-21T02:05:32.543559+00:00"},{"alias_kind":"pith_short_8","alias_value":"XHFUQAS7","created_at":"2026-05-21T02:05:32.543559+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6","json":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6.json","graph_json":"https://pith.science/api/pith-number/XHFUQAS7XC7HNV3OHJ4UTE2HG6/graph.json","events_json":"https://pith.science/api/pith-number/XHFUQAS7XC7HNV3OHJ4UTE2HG6/events.json","paper":"https://pith.science/paper/XHFUQAS7"},"agent_actions":{"view_html":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6","download_json":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6.json","view_paper":"https://pith.science/paper/XHFUQAS7","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.21392&json=true","fetch_graph":"https://pith.science/api/pith-number/XHFUQAS7XC7HNV3OHJ4UTE2HG6/graph.json","fetch_events":"https://pith.science/api/pith-number/XHFUQAS7XC7HNV3OHJ4UTE2HG6/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6/action/timestamp_anchor","attest_storage":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6/action/storage_attestation","attest_author":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6/action/author_attestation","sign_citation":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6/action/citation_signature","submit_replication":"https://pith.science/pith/XHFUQAS7XC7HNV3OHJ4UTE2HG6/action/replication_record"}},"created_at":"2026-05-21T02:05:32.543559+00:00","updated_at":"2026-05-21T02:05:32.543559+00:00"}