Upstash Context7 MCP Server ContextCrush fix
Security Patch Release
Summary
Upstash deployed a Context7 MCP Server fix for the ContextCrush issue, closing a route that could let malicious instructions reach AI coding assistants through a trusted documentation channel. The remediation matters because the flaw affected a widely used development tool and could let injected guidance run with a developer machine's available permissions. Upstash said remediation began on February 19 and the fix shipped on February 23 with rule sanitisation and additional safeguards.
Timeline
- 05.03.2026 16:00
ContextCrush disclosure for Context7 MCP Server
Initial Disclosure: Researchers disclosed ContextCrush in Context7 MCP Server by Upstash, saying the Custom Rules feature could let malicious instructions reach AI coding assistants such as Cursor, Claude Code and Windsurf through a trusted documentation channel.
Sources:
- ContextCrush Flaw Exposes AI Development Tools to Attacks — www.infosecurity-magazine.com — 05.03.2026 16:00
- 05.03.2026 16:00
Upstash begins remediation for ContextCrush
Mitigation Patch Update: Upstash began remediation for ContextCrush after the February 18 disclosure, starting work on rule sanitisation and additional safeguards for Context7 MCP Server.
Sources:
- ContextCrush Flaw Exposes AI Development Tools to Attacks — www.infosecurity-magazine.com — 05.03.2026 16:00
- 05.03.2026 16:00
Upstash deploys ContextCrush fix with rule sanitisation
Mitigation Patch Update: Upstash deployed a Context7 MCP Server fix for ContextCrush, adding rule sanitisation and additional safeguards to block malicious instructions in Custom Rules.
Sources:
- ContextCrush Flaw Exposes AI Development Tools to Attacks — www.infosecurity-magazine.com — 05.03.2026 16:00