Loading…
April 2-3, 2026
New York, NY
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit North America to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
MCPwned: Hacking MCP Servers With One Skeleton Key Vulnerability - Jonathan Leitschuh, Independent
Friday April 3, 2026 3:25pm - 3:50pm EDT
Astor Ballroom (7th Floor)
MCPwned weaponizes a widely overlooked MCP-spec weakness, browser-based DNS rebinding, against SSE & streaming-HTTP MCP servers to exfiltrate data and escalate access.
This skeleton key vulnerability hacks your locally running MCP server, just by getting you to visit a malicious website.
Speakers
avatar for Jonathan Leitschuh

Jonathan Leitschuh

Open Source Security Researcher, Independent
Jonathan Leitschuh is an open source software security researcher and self-described Vulnerability Janitor. He was the inaugural Dan Kaminsky Fellow at HUMAN Security and later led research for OpenSSF’s Alpha-Omega project. He is best known for his 2019 Zoom zero-day disclosure... Read More →
Friday April 3, 2026 3:25pm - 3:50pm EDT
Astor Ballroom (7th Floor)
  Security and Operations

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Conference Scheduling Software Privacy Terms
Share Modal

Share this link via

Or copy link