Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution - gbhackers.com
By Divya
April 20, 2026
A critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team.
The flaw enables Arbitrary Remote Code Execution (RCE) on any system running a vulnerable MCP implementation, allowing attackers to access sensitive user data, internal databases, API keys, and chat histories.
Unlike traditional software vulnerabilities, this is not a coding error. Researchers identified it as an architectural design decision embedded directly into Anthropic’s official MCP SDKs across all supported programming languages, including Python, TypeScript, Java, and Rust.
Any developer building on MCP unknowingly inherits this exposure through the supply chain.
Massive Blast Radius
OX Security’s research identified four distinct exploitation families:
Unauthenticated UI Injection in popular AI frameworks
Hardening Bypasses in supposedly protected environments like Flowise
Zero-Click Prompt Injection targeting AI IDEs, including Windsurf and Cursor
Malicious Marketplace Distribution, with 9 out of 11 MCP registries successfully poisoned with a malicious test payload
Researchers confirmed successful command execution on six live production platforms and identified critical vulnerabilities in LiteLLM, LangChain, and IBM’s LangFlow.
The research has resulted in at least 10 CVEs, several of which are rated Critical. Key affected products include:
CVE-2026-30615 — Windsurf: Zero-click prompt injection leading to local RCE (Critical, Reported)
CVE-2026-30623 — LiteLLM: Authenticated RCE via JSON config (Critical, Patched)
CVE-2026-30617 — Langchain-Chatchat: Unauthenticated UI injection (Critical, Reported)
CVE-2025-65720 — GPT Researcher: UI injection and reverse shell (Critical, Reported)
CVE-2026-30618 — Fay Framework: Unauthenticated Web-GUI RCE (Critical, Reported)
OX Security made multiple recommendations to Anthropic for root-level patches that would have immediately protected millions of downstream users. Anthropic declined, reportedly describing the behaviour as “expected.”
MCP Disclosure Timeline (Source: OX Security)
The researchers subsequently notified Anthropic of their intent to publish, and no objections were raised.
Despite over 30 responsible disclosures and more than 10 High/Critical CVEs filed, the root cause remains unaddressed at the protocol level.
What Organizations Should Do Now
Block public internet access to AI services connected to sensitive APIs and databases.
Treat all external MCP configuration input as untrusted; never allow raw user input to reach StdioServerParameters or similar functions.
Install MCP servers only from verified sources such as the official GitHub MCP Registry.
Run MCP-enabled services inside sandboxed environments with restricted permissions.
Monitor all tool invocations for unexpected background activity or attempts at data exfiltration.
Upgrade all affected services immediately and disable unpatched versions until fixes are available.
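One way to apply the second recommendation, shown as an added example that is not code from the article, OX Security or the MCP SDKs: callers pick a server by id from an operator-maintained allowlist and fill only regex-checked slots, so no request data ever becomes the command, arguments or environment later handed to StdioServerParameters. The allowlist contents, file paths, server id and function names are hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ServerSpec:
    command: str   # absolute path, so PATH lookup cannot be influenced
    args: tuple    # fixed argument template; "{name}" marks a validated slot
    params: dict   # slot name -> regex the caller's value must fully match

# Hypothetical operator-maintained allowlist; nothing in it comes from requests.
ALLOWED_SERVERS = {
    "files": ServerSpec(
        command="/opt/mcp/bin/files-server",
        args=("--root", "/srv/mcp-data/{workspace}"),
        params={"workspace": re.compile(r"[a-z0-9_-]{1,32}")},
    ),
}
# Keys a caller must never control: they decide what process gets spawned.
FORBIDDEN_KEYS = {"command", "args", "env", "cwd"}

class RejectedConfig(ValueError):
    pass

def build_stdio_params(untrusted):
    """Turn untrusted config into launch parameters, or raise RejectedConfig."""
    if not isinstance(untrusted, dict):
        raise RejectedConfig("config must be an object")
    if FORBIDDEN_KEYS & untrusted.keys():
        raise RejectedConfig("caller may not set command, args, env or cwd")
    server = untrusted.get("server")
    if not isinstance(server, str) or server not in ALLOWED_SERVERS:
        raise RejectedConfig("unknown server id")
    spec = ALLOWED_SERVERS[server]
    supplied = untrusted.get("params", {})
    if not isinstance(supplied, dict) or set(supplied) != set(spec.params):
        raise RejectedConfig("unexpected or missing parameters")
    for name, pattern in spec.params.items():
        if not isinstance(supplied[name], str) or not pattern.fullmatch(supplied[name]):
            raise RejectedConfig(f"invalid value for {name}")
    # Only now is anything built that could be handed to StdioServerParameters.
    return {"command": spec.command,
            "args": [a.format(**supplied) for a in spec.args],
            "env": {"PATH": "/usr/bin:/bin"}}  # fixed, not inherited from input

def is_accepted(untrusted):
    try:
        build_stdio_params(untrusted)
        return True
    except RejectedConfig:
        return False
```

Rejections raise rather than fall back to a default, so a service using this fails closed and the rejected request can be logged for the tool-invocation monitoring recommended above.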
OX Security has shipped new protections following this research. Its platform now detects improper use of STDIO-based MCP configurations in AI-generated code and flags existing vulnerable configurations in customer codebases as actionable findings.
The researchers note that Anthropic recently unveiled Claude Mythos, a tool aimed at securing the world’s software, calling on the company to apply that same standard to its own MCP architecture through a Secure by Design approach.