MCPwn Runaway Tool Invocation via Retry Directive (CVE-2026-33032) - ATR-2026-00209 (9a6c2060-5a41-54af-9a33-7cf3ae745706)

Detects the MCPwn runaway-invocation pattern (CVE-2026-33032, CVSS 9.8). A malicious MCP server coerces the client into calling it in a tight loop by setting retry_hint / continue_after_error response fields to imperative tool-invoke directives rather than hint strings. Weaponized to consume token budget, probe rate limits, and escalate parameter space via brute force. Also detects SKILL.md patterns that instruct the agent to retry indefinitely on error, or to set on_error handlers that re-invoke the same tool. Disclosed 2026-04-16.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
MCPwn Runaway Tool Invocation via Retry Directive (CVE-2026-33032) - ATR-2026-00209 (9a6c2060-5a41-54af-9a33-7cf3ae745706)	Agent Threat Rules	AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a)	MITRE ATLAS Attack Pattern	1
MCPwn Runaway Tool Invocation via Retry Directive (CVE-2026-33032) - ATR-2026-00209 (9a6c2060-5a41-54af-9a33-7cf3ae745706)	Agent Threat Rules	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	1
MCPwn Runaway Tool Invocation via Retry Directive (CVE-2026-33032) - ATR-2026-00209 (9a6c2060-5a41-54af-9a33-7cf3ae745706)	Agent Threat Rules	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	1
MCPwn Runaway Tool Invocation via Retry Directive (CVE-2026-33032) - ATR-2026-00209 (9a6c2060-5a41-54af-9a33-7cf3ae745706)	Agent Threat Rules	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	1
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9)	MITRE ATLAS Attack Pattern	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	2