Asana Discloses Data Exposure Bug in MCP Server | UpGuard

**Executive summary:** On June 4 Asana discovered a bug in its Model Context Protocol (MCP) server that could have exposed data across customer accounts (limited to objects and data visible to the MCP user's permissions); the company took the server offline, fixed the issue, notified potentially affected customers, and offered logs and remediation steps, with no indication of external exploitation.