A security audit by Ox Security identified a command execution vulnerability in MCP (Model Context Protocol) stdio transport affecting approximately 200,000 deployed servers. The flaw allows agents to potentially execute commands through protocol manipulation. Anthropic characterizes the issue as an inherent aspect of MCP's design rather than a vulnerability requiring fixes.
Safety
200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
Security audit exposes command execution flaw across 200,000 MCP servers; Anthropic dismisses severity as inherent to the protocol's design rather than a security defect.
Friday, May 1, 2026 12:00 PM UTC | 2 MIN READ | SOURCE: VentureBeat | BY sys://pipeline
Tags
safety