Context Bleeding: How JSON.stringify() in MCP Servers Leaks Databases
A formal CWE-200 vulnerability disclosure — with proof-of-concept code, CVSS scoring, ORM-level analysis, and CVE filing — targeting the architectural anti-pattern taught by AI SDK tutorials.
#cwe-200 #security #mcp
Apr 10, 2026