The Intake — Thursday, May 14, 2026

MDASH found 16 previously unknown vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution flaws. The system was built by Microsoft's Autonomous Code Security team and published on May 12. MDASH orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models.

Its design runs three steps: discover candidate vulnerabilities, debate them across the agent ensemble, and confirm exploitability end-to-end. CVE-2026-40361 and CVE-2026-40364 were both assessed as more likely to be exploited in the wild.

CyberGym is a public benchmark of 1,507 real-world vulnerabilities drawn from OSS-Fuzz projects. MDASH scored 88.45%, placing first on the public leaderboard. Against five years of confirmed MSRC cases, internal recall metrics reached 96% on clfs.sys and 100% on tcpip.sys.

The benchmark result and the Windows deployment together test different things. CyberGym measures recall on known vulnerabilities drawn from a public corpus. The Windows deployment measures whether the system finds new ones in production code under real conditions. Both figures — the CyberGym score and the recall metrics — are Microsoft's, and both are pre-publication disclosures in a Microsoft blog post — which is to say, vendor testimony. One open question — not addressed in the blog post — is whether recall holds on codebases outside the Windows and CyberGym evaluation set.

---

Three MCP server implementations — for Apache Doris, Apache Pinot, and Alibaba RDS — carry vulnerabilities including an SQL injection, an authentication bypass, and an information disclosure flaw. The research comes from Akamai security analyst Tomer Peled, who is presenting full findings at x33fcon next month. The three disclosures have three different remediation outcomes.

CVE-2025-66335 is an SQL injection in the Apache Doris MCP Server. Versions prior to 0.6.1 are affected; the vulnerability sits in the db_name parameter of the exec_query function. Apache patched the flaw and issued the CVE entry.

Apache Pinot MCP v1.1.0 and earlier carries an authentication bypass over unauthenticated HTTP transport. The bypass enables SQL injection and full database takeover. StarTree has added OAuth as an option for Apache Pinot, per The Register. The authentication bypass remains in the upstream code.

Alibaba declined to patch the information disclosure vulnerability in its RDS MCP server. Peled reported the flaw; Alibaba responded that it was "not applicable." The unfixed flaw allows any unauthenticated caller to retrieve sensitive metadata from vector indexes without query validation.

All three were found by the same researcher against the same class of software in the same research disclosure.

---