Researchers have identified a systemic "by design" vulnerability in Anthropic’s Model Context Protocol (MCP) that facilitates remote code execution (RCE) across the AI supply chain. This flaw, rooted in unsafe defaults within the MCP software development kit (SDK), affects over 7,000 servers and 150 million downloads across multiple programming languages including Python and TypeScript.
The issue stems from the protocol's STDIO transport interface, allowing attackers to execute arbitrary OS commands through various injection methods, including zero-click prompt injection and unauthenticated network requests. Despite the discovery of over ten specific CVEs in popular projects like LangChain and LiteLLM, Anthropic has characterized the behavior as expected, leaving the burden of mitigation on individual developers and downstream implementers.
Top comments (0)