@article{ART003259605},
author={Park jung-kyu and Youngmi Baek},
title={Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments},
journal={Journal of Internet of Things and Convergence},
issn={2466-0078},
year={2025},
volume={11},
number={5},
pages={3}
TY - JOUR
AU - Park jung-kyu
AU - Youngmi Baek
TI - Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments
JO - Journal of Internet of Things and Convergence
PY - 2025
VL - 11
IS - 5
PB - The Korea Internet of Things Society
SP - 3
EP -
SN - 2466-0078
AB - The rapid advancement of large language models (LLMs) has highlighted the Model Context Protocol (MCP) as a new standard for tool integration. However, security vulnerability research in MCP environments remains insufficient. This study presents one of the first experimental applications of fuzzing in MCP environments, targeting two representative modules: a SQLite-based query engine and a file system (FS) interface. To this end, customized fuzzing harnesses were developed to systematically generate diverse payloads, and performance metrics were collected over 30-minute experiments. The results indicate that the SQL-based server produced 77,758 test cases with greater payload diversity and longer average payload lengths, whereas the FS-based server produced 47,520 cases with shorter and simpler payloads. Notably, the response rate showed a clear disparity, with SQL fuzzing achieving approximately three times higher response success compared to FS fuzzing. These findings suggest that fuzzing characteristics and security robustness vary significantly depending on the target tool type within MCP environments. Overall, this study provides an early systematic evaluation of fuzzing-based vulnerability detection in MCP environments, offering foundational insights to strengthen the security of MCP-based applications.
KW - Model Context Protocol (MCP);Fuzzing;Security Vulnerability Detection;Large Language Models (LLMs);SQL and File System Comparison
DO -
UR -
ER -
Park jung-kyu and Youngmi Baek. (2025). Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments. Journal of Internet of Things and Convergence, 11(5), 3.
Park jung-kyu and Youngmi Baek. 2025, "Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments", Journal of Internet of Things and Convergence, vol.11, no.5 3.
Park jung-kyu, Youngmi Baek "Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments" Journal of Internet of Things and Convergence 11.5 3 (2025) : 3.
Park jung-kyu, Youngmi Baek. Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments. 2025; 11(5), 3.
Park jung-kyu and Youngmi Baek. "Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments" Journal of Internet of Things and Convergence 11, no.5 (2025) : 3.
Park jung-kyu; Youngmi Baek. Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments. Journal of Internet of Things and Convergence, 11(5), 3.
Park jung-kyu; Youngmi Baek. Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments. Journal of Internet of Things and Convergence. 2025; 11(5) 3.
Park jung-kyu, Youngmi Baek. Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments. 2025; 11(5), 3.
Park jung-kyu and Youngmi Baek. "Fuzzing-based Security Vulnerability Detection Method in Model Context Protocol (MCP) Environments" Journal of Internet of Things and Convergence 11, no.5 (2025) : 3.
