MCPwned -- Azure MCP Server SSRF & Cloud Takeover (CVE-2026-26118)

SSRF vulnerability (CVSS 8.8) in Azure MCP Server Tools allowed stealing managed identity tokens via malicious URLs submitted in place of Azure resource identifiers. Attackers could impersonate the server's identity and access Azure resources, compromising Azure and Entra ID tenants.