
"OX Security reports a significant architectural flaw in Anthropic's MCP code, which is embedded in most local STDIO MCPs. This flaw can lead to a complete adversarial takeover of the user's computer system."
"The exploit mechanism is straightforward: MCP's STDIO interface was designed to launch a local server process, but commands execute regardless of the process's success. Malicious commands can run without any sanitization warnings."
"Despite extensive testing and disclosure of the flaw to MCP providers, the common response was inaction, with some suggesting that the behavior was 'by design'. This left millions of users exposed to potential data theft."
Model Context Protocol (MCP), introduced by Anthropic, is widely adopted for agentic AI integration. OX Security reports a flaw in MCP's STDIO transport: the client launches a local server process from a configured command, and that command runs as given, without sanitization and regardless of whether a working server actually comes up. A malicious entry can therefore take over the host and steal data. OX says it disclosed the issue to MCP providers after extensive testing; initial responses were minimal, and some called the behavior intentional. Anthropic later updated its security guidance for MCP adapters in response to the findings.
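How a hardened STDIO launcher differs from the pattern described above, as an added example written for this page (it is not OX Security's proof of concept and not Anthropic's MCP SDK). It assumes the usual MCP client config shape of a command plus an args list; the allow-list, the fake server script and the sample entries are constructed for illustration. The weak launcher hands the config to a shell; the hardened one spawns an argv list with no shell, allow-lists the executable, and refuses to treat the child as a server until it answers a JSON-RPC initialize request.

```python
"""Added example (not OX Security's proof of concept, not Anthropic's SDK):
a hardened launcher for a STDIO MCP server entry of the usual shape
{"command": ..., "args": [...]}, next to the pattern to avoid.

The allow-list, the fake server script and the sample entries below are
constructed for this page.
"""
import json
import os
import shutil
import subprocess
import sys

# Hypothetical policy: only these executables may be spawned as MCP servers.
ALLOWED_COMMANDS = {sys.executable, "node", "npx", "uvx"}
SHELL_META = set(";|&$`<>(){}\n")

# Constructed fake STDIO MCP server: answers one JSON-RPC initialize request.
FAKE_SERVER = (
    "import sys, json\n"
    "req = json.loads(sys.stdin.readline())\n"
    "resp = {'jsonrpc': '2.0', 'id': req['id'], 'result': {\n"
    "    'protocolVersion': req['params']['protocolVersion'],\n"
    "    'capabilities': {}, 'serverInfo': {'name': 'fake-server', 'version': '0'}}}\n"
    "sys.stdout.write(json.dumps(resp) + '\\n')\n"
)

# Constructed config entries.
GOOD_ENTRY = {"command": sys.executable, "args": ["-c", FAKE_SERVER]}
NOT_A_SERVER = {"command": sys.executable, "args": ["-c", "print('hello, not JSON-RPC')"]}
# A command field that is really a shell one-liner, not an executable name.
SHELL_TRICK = {"command": f"{sys.executable} -c pass; echo injected", "args": []}


def weak_launch(entry):
    """The pattern to avoid: glue command and args into one shell string.
    Whatever the config says is run by the shell, metacharacters included."""
    cmdline = entry["command"] + " " + " ".join(entry["args"])
    done = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return done.stdout


def validate_entry(entry, allowed=ALLOWED_COMMANDS):
    """Return (True, resolved_executable) or (False, reason)."""
    cmd, args = entry.get("command"), entry.get("args", [])
    if not isinstance(cmd, str) or not cmd:
        return False, "command missing"
    if any(c in SHELL_META or c.isspace() for c in cmd):
        return False, "command must be a single executable name or path"
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        return False, "args must be a list of strings"
    exe = cmd if os.path.isabs(cmd) else shutil.which(cmd)
    if exe is None or not os.access(exe, os.X_OK):
        return False, f"cannot resolve {cmd!r} to an executable"
    if cmd not in allowed and os.path.basename(exe) not in allowed:
        return False, f"{cmd!r} is not on the allow-list"
    return True, exe


def hardened_launch(entry, timeout=10.0):
    """Spawn with an argv list (no shell), then require a JSON-RPC 2.0
    initialize response before treating the child as an MCP server.
    A child that runs but never answers is killed and reported, so a
    command that merely executed does not count as success."""
    ok, info = validate_entry(entry)
    if not ok:
        return False, info
    argv = [info, *entry.get("args", [])]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL, text=True)
    init = {"jsonrpc": "2.0", "id": 1, "method": "initialize",
            "params": {"protocolVersion": "2025-03-26", "capabilities": {},
                       "clientInfo": {"name": "example-client", "version": "0"}}}
    try:
        # Handshake probe only: communicate() closes stdin and waits for exit.
        # A real client keeps both pipes open for the session afterwards.
        out, _ = proc.communicate(json.dumps(init) + "\n", timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.communicate()
        return False, "no initialize response before timeout"
    first = out.strip().splitlines()[0] if out.strip() else ""
    try:
        msg = json.loads(first)
    except json.JSONDecodeError:
        return False, f"child did not speak JSON-RPC: {first[:40]!r}"
    if msg.get("jsonrpc") != "2.0" or msg.get("id") != 1 or "result" not in msg:
        return False, "malformed initialize response"
    return True, msg["result"]


if __name__ == "__main__":
    print("weak launch of shell trick ->", repr(weak_launch(SHELL_TRICK)))
    for name, entry in [("good", GOOD_ENTRY), ("not a server", NOT_A_SERVER),
                        ("shell trick", SHELL_TRICK)]:
        print(f"{name}: {hardened_launch(entry)}")
```

The caveat a practitioner should keep in mind: allow-listing the executable and avoiding the shell stops the command field itself from carrying a payload, but it does not vet what the arguments make an interpreter do. An entry like node -e or python -c with hostile code still runs under the hardened launcher, so the config file has to come from a trusted source and be treated as code, not data.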
Read at SecurityWeek