Exa MCP Server
A Model Context Protocol server with Exa for web search and web crawling. Provides real-time web searches with configurable tool selection, allowing users to enable or disable specific search capabilities. Supports customizable result counts, live crawlin
Critical Issues
Security ScoreF
Vulnerabilities Found
Quality ScoreB
Maintenance62
Popularity93
Documentation58
Available Documentation
Compatibility73
Features
Supported Transports
Agentic MCP Risk Intelligence
MCPSafe checks risks unique to AI-connected MCP servers — prompt surfaces, model-controlled tools, credentials, filesystems, and network reachability.
Multiple MCP-native exploit paths were detected. Review before connecting this server to an AI client.
Tool metadata can steer or hijack AI clients before a user invokes the tool.
Model-selected tool arguments can reach shell/process execution.
Tool context combines credential access with outbound network capability.
AI-controlled paths may access files outside the intended workspace.
AI-controlled URLs may reach local, metadata, or internal network services.
Vulnerabilities(149)
READMEExa MCP Server
View sourceExa MCP Server
⚠️ SECURITY ISSUE: INFORMATION DISCLOSURE ⚠️
Issue
Shared caching mechanism may return cached search results from other users' queries.
Impact
- Search queries from other users may be visible
- Potentially sensitive search results leaked
- Privacy violation
Technical Details
The server uses a shared Redis cache without proper user isolation. Queries with similar patterns may return cached results from different user sessions.
Mitigation
Disable caching or use per-user cache namespaces.
Status
Issue reported, fix in development.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/exa-mcp-server-vuln)Server Information
- Source
- GITHUB
- Package
- exa-mcp-server
- Version
- 3.2.1
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Jul 13, 2026