20260420-thehackernews.com-85de6 | Perceptive Security

< Back to index

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Published:

20 April 2026 at 10:42:00

Alert date:

20 April 2026 at 11:01:22

Source:

thehackernews.com

Supply Chain & Dependencies, Emerging Technologies

Cybersecurity researchers discovered a critical by-design weakness in Anthropic's Model Context Protocol (MCP) architecture that enables remote code execution. The vulnerability allows arbitrary command execution on systems running vulnerable MCP implementations, giving attackers direct system access. This design flaw poses significant risks to the AI supply chain ecosystem. The vulnerability affects any system implementing the vulnerable MCP architecture. The flaw could have cascading effects across AI infrastructure and services.

Technical details

Critical design vulnerability in Anthropic's Model Context Protocol (MCP) architecture enables remote code execution through unsafe defaults in MCP configuration over STDIO transport interface. The vulnerability allows arbitrary command execution on any system running vulnerable MCP implementation by exploiting the STDIO interface configuration-to-command execution pathway. The flaw is systemic across all MCP SDK implementations in Python, TypeScript, Java, and Rust, affecting over 7,000 publicly accessible servers and 150 million downloads.

Mitigation steps:

Block public IP access to sensitive services
Monitor MCP tool invocations
Run MCP-enabled services in a sandbox
Treat external MCP configuration input as untrusted
Only install MCP servers from verified sources

Affected products:

Anthropic Model Context Protocol (MCP) SDK
GPT Researcher
LiteLLM
Agent Zero
Fay Framework
Bisheng
Langchain-Chatchat
Jaaz
Upsonic
Windsurf
DocsGPT
Flowise
LangChain
LangFlow
LettaAI
LangBot
MCP Inspector
LibreChat
WeKnora
@akoskm/create-mcp-server-stdio
Cursor