#ask-gordon

#ask-gordon

A critical Docker Ask Gordon vulnerability allows malicious image metadata to execute arbitrary commands via MCP Gateway, enabling RCE or data exfiltration through 'meta-context injection'.

A metadata label in Docker images allowed Ask Gordon's AI to execute commands via MCP Gateway, enabling remote code execution and data exfiltration until patched.