Is @azure/mcp safe?

1 known CVE The mcp-audit verdict for @azure/mcp (npm), rendered from the same JSON the API serves.

Registry facts

Maintainer	Microsoft
Verified publisher	no
Entry last verified	2026-05-02
Hash pins available	no
Repository	https://github.com/Azure/azure-mcp

CVE	CVSS	Summary	Fixed in
CVE-2026-26118	—	—	no fix published

Source: National Vulnerability Database (NVD).

Capability tags come from mcp-audit's curated registry and drive its cross-server toxic-flow analysis.

This page describes the public package. What matters is your deployment — run the full check locally:

pip install mcp-audit-scanner
mcp-audit check

![mcp-audit](https://img.shields.io/endpoint?url=https://mcp-audit.dev/v1/badge/npm/at-azure-mcp.json)