Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Smithery

Smithery Vendor Cyber Rating & Cyber Score

smithery.ai


Smithery A.I CyberSecurity Scoring

Smithery
Company Information
Website:http://smithery.ai
Employees number:6
Number of followers:0
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:smithery.ai
Smithery Risk Score (AI oriented)
Between 750 and 799
logo
SmitheryTechnology, Information and Internet
Updated:
02/04/2026
796/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Smithery Global Score (TPRM)
xxxx
logo
SmitheryTechnology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Smithery
SmitheryFair
Current Score
796Baa (FAIR)
01000
1 incidents
-16 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
797Before Incident
JUNE 2026
797Before Incident
MAY 2026
797Before Incident
APRIL 2026
797Before Incident
MARCH 2026
796Before Incident
FEBRUARY 2026
796Before Incident
JANUARY 2026
796Before Incident
DECEMBER 2025
796Before Incident
NOVEMBER 2025
796Before Incident
OCTOBER 2025
812Before Incident
Vulnerability
23 Oct 2025Smithery
Smithery.ai

Critical Path Traversal Vulnerability in Smithery.ai Exposes 3,000+ AI Servers and API Keys

796After Incident
CRITICAL-16
SMI3162131102325
Security researchers at GitGuardian uncovered a critical path traversal vulnerability in Smithery.ai, a Model Context Protocol (MCP) server hosting platform. The flaw, stemming from improper validation of the `dockerBuildPath` parameter, allowed attackers to access arbitrary filesystem locations on Smithery’s build infrastructure. Exploiting this, attackers could exfiltrate sensitive files, including Docker authentication credentials stored in `.docker/config.json`, which were overprivileged and granted access to Smithery’s Docker registry and fly.io’s machines API.The compromise enabled arbitrary code execution on over 3,000 hosted MCP servers, exposing API keys, authentication tokens, and network traffic from thousands of clients. The centralized nature of Smithery.ai amplified the risk, creating a supply chain attack vector where a single breach could cascade across dependent organizations. While no evidence of malicious exploitation was found before patching, the incident highlighted severe risks in AI infrastructure security, particularly around static, long-term API keys and centralized hosting models. Smithery.ai remediated the issue within 48 hours of disclosure, but the vulnerability posed a high-risk scenario for large-scale data exposure and infrastructure takeover.
INCIDENT DETAILS -
TYPE
Supply Chain AttackPath Traversal VulnerabilityCredential CompromiseUnauthorized Access
IMPACT
API keysAuthentication tokensDocker credentials (.docker/config.json)Filesystem listingsNetwork traffic (including client API keys)Systems Affected: 3,000+ hosted MCP servers and portions of Smithery.ai’s infrastructureOperational Impact: Potential arbitrary code execution on all hosted MCP servers; risk of cascading breaches across dependent organizationsBrand Reputation Impact: High (due to supply chain risk exposure and centralized AI infrastructure vulnerability)
DATA BREACH
API keysAuthentication tokensDocker credentialsFilesystem metadataNetwork trafficSensitivity Of Data: High (long-term static API keys, infrastructure credentials)Data Exfiltration: Demonstrated in proof-of-concept (filesystem listings, credentials).docker/config.jsonsmithery.yamlDockerfilesNetwork traffic dumps
SEPTEMBER 2025
812Before Incident
AUGUST 2025
812Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Smithery ?
?
What was Smithery's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Smithery's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Smithery's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Smithery's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Smithery's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Smithery's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Smithery's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Smithery's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Smithery's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Smithery's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Smithery's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Smithery's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Smithery ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Smithery's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?