My MCP Server Lied to Claude. Claude Repeated It as Fact — 100% of the Time.

Given the state of MCP security right now, I wanted to check my own stack. 30 CVEs between January and February 2026. An npm package (mcp-remote, 558K+ downloads) with a critical RCE flaw. A fake Postmark server on the MCP registry, silently exfiltra...