
Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks - cyberpress.org

cyberpress.org Archived May 13, 2026 ✓ Full text saved



By AnuPriya, April 20, 2026
Categories: Cyber Security News, Cybersecurity, Vulnerability

A critical vulnerability in Anthropic’s Model Context Protocol (MCP) is putting millions of systems at risk of full compromise, according to new research released by OX Security on April 15, 2026.

The flaw, which affects MCP implementations across multiple programming environments, could enable attackers to execute arbitrary code remotely and gain access to sensitive data. Researchers estimate the exposure impacts over 150 million MCP-related downloads and up to 200,000 active servers.

The vulnerability allows attackers to access internal databases, API keys, chat histories, and other confidential information without requiring user interaction in some cases.

Unlike traditional security flaws, this issue is not caused by a coding mistake. Instead, OX Security identified it as a fundamental architectural weakness embedded in Anthropic’s official MCP software development kits (SDKs). The flaw exists across all supported languages, including Python, TypeScript, Java, and Rust, meaning any developer using MCP may unknowingly inherit the risk through their software supply chain.

Multiple Exploitation Paths Identified

OX Security researchers uncovered four primary attack methods tied to the vulnerability:

- Unauthenticated UI injection in widely used AI frameworks
- Security hardening bypasses in platforms like Flowise
- Zero-click prompt injection targeting AI IDEs such as Windsurf and Cursor
- Malicious payload distribution through MCP registries, with 9 out of 11 tested registries successfully compromised

The team confirmed successful remote command execution on six live production platforms. Additional vulnerabilities were identified in popular tools, including LiteLLM, LangChain, and IBM’s LangFlow.

[Figure: MCP Disclosure Timeline (Source: OX Security)]

The research led to the disclosure of at least 10 vulnerabilities, many rated critical. Notable examples include:

- CVE-2026-30615: Windsurf zero-click prompt injection leading to local RCE
- CVE-2026-30623: LiteLLM authenticated RCE via JSON configuration (patched)
- CVE-2026-30617: LangChain-Chatchat unauthenticated UI injection
- CVE-2025-65720: GPT Researcher reverse shell via UI injection
- CVE-2026-30618: Fay framework unauthenticated web GUI RCE

Despite responsible disclosure efforts, the root issue remains unresolved at the protocol level. OX Security reported that Anthropic classified the behavior as “expected,” declining to implement immediate architectural fixes.

Security teams are urged to take immediate action to reduce exposure:

- Block public internet access to MCP-connected services handling sensitive data
- Treat all MCP configuration inputs as untrusted and restrict unsafe function usage
- Install MCP servers only from verified sources such as official repositories
- Run MCP services in sandboxed environments with minimal privileges
- Monitor system activity for unusual tool execution or data exfiltration attempts
- Update or disable vulnerable services until patches are available

OX Security has introduced new detection capabilities to identify insecure MCP configurations and flag vulnerable code in enterprise environments.

The researchers also pointed to Anthropic’s recent launch of Claude Mythos, a tool designed to improve software security, urging the company to adopt a “secure by design” approach within its own MCP ecosystem.
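One way to apply the "treat all MCP configuration inputs as untrusted" recommendation above is to audit a configuration before any client loads it. This is an added example, not code from the article or from OX Security. It assumes the `mcpServers` JSON layout used by common MCP client configuration files, and the allowlist, flag set and sample entries are constructed for illustration.

```python
import json
import re

# Assumptions (site policy, not from the article): the launchers this
# organisation permits, and the "mcpServers" JSON layout of client configs.
ALLOWED_COMMANDS = {"node", "npx", "python3", "uvx"}
SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
INLINE_CODE_FLAGS = {"-c", "-e", "--eval", "-Command"}
SHELL_META = re.compile(r"[;&|`$<>\n]")

# Constructed sample configuration; server and package names are made up.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "docs-search": {"command": "npx", "args": ["-y", "example-docs-mcp"]},
    "imported-tool": {"command": "/bin/bash", "args": ["-c", "placeholder"]},
    "report-gen": {"command": "python3", "args": ["server.py", "--out=a;b"]},
}})


def audit_mcp_config(raw: str) -> dict[str, list[str]]:
    """Return {server_name: [findings]} for entries that violate the policy."""
    findings: dict[str, list[str]] = {}
    for name, entry in json.loads(raw).get("mcpServers", {}).items():
        issues = []
        command = entry.get("command")
        args = entry.get("args", [])
        if command is None:
            # Remote (url) entries launch no local process; they are not checked here.
            if "url" not in entry:
                issues.append("entry has neither command nor url")
        else:
            # Compare on the executable's base name, for POSIX or Windows paths.
            base = re.split(r"[\\/]", str(command))[-1].lower()
            if base in SHELLS:
                issues.append("command is a shell")
            elif base not in ALLOWED_COMMANDS:
                issues.append(f"command not on allowlist: {base}")
            if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
                issues.append("args must be a list of strings")
            else:
                if any(a in INLINE_CODE_FLAGS for a in args):
                    issues.append("inline code flag in args")
                if any(SHELL_META.search(a) for a in args):
                    issues.append("shell metacharacter in args")
        if issues:
            findings[name] = issues
    return findings
```

Running `audit_mcp_config(SAMPLE_CONFIG)` leaves `docs-search` unflagged and reports the other two entries; a deployment would reject the configuration when the result is non-empty.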