We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.
Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-07-02 | Assigner VulnCheckCWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-20 Improper Input Validation
wunderwuzzi of Embrace The Red
embracethered.com/...nthropic-slack-mcp-server-data-leakage/
vulncheck.com/...nthropic-slack-mcp-server-data-exfiltration
Support options