MCP Tool Collision

Tool collision occurs when two MCP tools with the same or confusingly similar name, namespace, or capability are loaded into the same environment. This ambiguity can cause the wrong tool to be invoked — either unintentionally or maliciously. An adversary can register a tool with a colliding name to hijack requests intended for a legitimate tool, leading to data exfiltration, unauthorised actions, or denial of service.

Remediation

Enforce globally unique identifiers for MCP tools (e.g., manifest hash, publisher ID, namespace).
Resolve tools by immutable identity rather than human-readable names.
Use signed manifests and trusted registries with strict namespace ownership policies.
Implement allowlists and sandbox execution for untrusted or colliding tools.

Metadata

Severity: medium
Slug: mcp-tool-collision

CWEs

706: Use of Incorrectly-Resolved Name or Reference

OWASP

LLM01:2025: Prompt Injection
LLM03:2025: Supply Chain

Available Labs

Select a language to explore available labs for this vulnerability.

1 Lab

Artificial Intelligence Labs

Artificial Intelligence 1 lab

Explore 1 lab in Artificial Intelligence.

No matching labs found

Try adjusting your language filter.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.