← NIST Vulnerability MCP Server
NIST Vulnerability MCP Server — agentic threat model
This agent acts as a read-only informational bridge to the NIST NVD database, presenting low inherent agentic risk due to its lack of write capabilities, though it could be used to feed vulnerability intelligence to malicious orchestrators.
OWASP AIVSS score rationale
| Autonomy of Action | 0.10 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.00 | |
| Contextual Awareness | 0.30 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.40 | |
| Non-Determinism | 0.10 | |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — The MCP server itself does not specify a foundation model, but the consuming agent's LLM is susceptible to prompt injection that could manipulate how CVE data is interpreted or presented.
The agent queries the external NIST NVD API. Threats include upstream data poisoning of the NVD or man-in-the-middle attacks altering the returned vulnerability intelligence before it reaches the agent context.
As an MCP server, it exposes tools for CVE lookup and product queries. Risks include insecure tool integration where an orchestrating agent passes unsanitized inputs to the MCP tool, potentially causing denial of service or unexpected behavior.
Not certain from the listing — The deployment infrastructure of this MCP server is host-dependent. If run locally without sandboxing, vulnerabilities in the server code or its dependencies could lead to local host compromise.
Not certain from the listing — There is no mention of built-in logging, rate-limiting, or validation guardrails for the API requests made to the NIST NVD, creating potential blind spots in usage monitoring.
The tool is open source and free, with no explicit authentication, authorization, or compliance controls mentioned in the listing to restrict who can query the server or how the data is audited.
Designed to surface vulnerability intelligence into broader agent contexts. A compromised or rogue orchestrator agent could abuse this tool to automatically scan and identify zero-day or unpatched exposures in a target environment.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).