If you discover a security vulnerability in the Azure Cosmos DB MCP Toolkit, please report it responsibly to us rather than disclosing it publicly. This helps us address security issues before they become a widespread problem.
Please do NOT create a public GitHub issue. Instead:
- Email Security Report:
  - Send to: opencode@microsoft.com
  - Subject line: `[Security] Azure Cosmos DB MCP Toolkit Vulnerability`
  - Include the vulnerability details
- What to Include:
  - Description of the vulnerability
  - Steps to reproduce (if applicable)
  - Potential impact and severity
  - Suggested fix (if you have one)
- Expected Response:
  - We acknowledge receipt within 2 business days
  - We'll investigate and provide updates on our progress
  - We'll work with you to understand and fix the issue
  - We'll credit you in the security advisory (if desired)

- Entra ID Required: The MCP server requires Azure Entra ID tokens for all requests
- Managed Identity: Azure Container Apps uses managed identity for Cosmos DB access (no keys in code)
- Role-Based Access (RBAC): Users must be assigned the `Mcp.Tool.Executor` role
- Token Validation: All JWT tokens are validated before processing requests
- Cosmos DB Protection: The server only has access to the specific Cosmos DB account you configure
- HTTPS Only: All communication is encrypted in transit (HTTPS)
- No Telemetry: The server does not collect or send telemetry about your data
- No Logging: Query data is not logged by the MCP server itself
- Multi-stage Docker Build: Production image includes only runtime, no build tools
- Azure Container Registry: Images stored securely with private network options
- Container Scanning: Recommend scanning images for vulnerabilities before deployment
- Managed Service: Azure Container Apps handles patching and updates
- Recommended: Deploy MCP server in a private virtual network with Azure Cosmos DB
- Firewall Rules: Use Cosmos DB firewall to restrict access
- Private Endpoints: Consider using Private Link for network isolation
| Version | Status | Security Updates |
|---|---|---|
| 1.1.x | Current | ✅ Yes |
| 1.0.x | End of Life | ❌ No |
We recommend upgrading to the latest version to receive security updates and bug fixes.
When using the MCP Toolkit:
- Keep Dependencies Updated:

  ```bash
  # Update .NET SDK regularly
  dotnet tool update -g azure-functions-core-tools
  ```

- Secure Cosmos DB Access:
  - Use connection strings from Key Vault (not hardcoded)
  - Rotate keys regularly
  - Use Managed Identity when possible
- Monitor Access:
  - Enable Azure Monitor for Container Apps
  - Enable Azure Cosmos DB audit logs
  - Review role assignments regularly
- Network Isolation:
  - Deploy in a private VNet
  - Use Private Endpoints for Cosmos DB
  - Restrict Container App ingress
- Update Regularly:
  - Check for new releases monthly
  - Subscribe to security advisories
  - Test updates in a staging environment first

We aim to:
- 🔴 Critical (CVSS 9-10): Patch within 1-2 days
- 🟠 High (CVSS 7-8.9): Patch within 1 week
- 🟡 Medium (CVSS 4-6.9): Patch within 2 weeks
- 🟢 Low (CVSS 0-3.9): Include in next release
We thank security researchers who responsibly disclose vulnerabilities. We'll acknowledge your responsible disclosure if you wish (you can request anonymity).
- Microsoft Security Response Center (MSRC)
- Azure Security Best Practices
- Cosmos DB Security
- OWASP Top 10
Last Updated: June 2026