Find notable cyber news and cases, enriched with sources, timelines, and signals.

MCP STDIO arbitrary command execution security flaw

Vulnerability
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

A critical MCP flaw in the STDIO interface can trigger arbitrary command execution, putting connected AI systems at risk of data exposure and system takeover. The issue affects Anthropic's official MCP SDKs across Python, TypeScript, Java, and Rust and can expose sensitive user data, internal databases, API keys, and chat histories. The reported blast radius reaches over 200 open source projects, 150 million downloads, 7000+ publicly accessible servers, and up to 200,000 vulnerable instances. Anthropic reportedly said the behavior is by design and declined to change the protocol, leaving remediation to developers.

Related Happenings

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...

Anthropic Claude Code usage-limits bug causing faster exhaustion

Service Disruption
H score14 First: 01.04.2026 03:32 Last: 01.04.2026 03:32 Sources 1

About this happening: Anthropic is investigating a **Claude Code** bug that makes **usage limits** exhaust much faster than expected, leaving affected users blocked from normal use. The issue was still...

Anthropic Claude Code code injection and API key disclosure flaws (multiple vulnerabilities)

Vulnerability
H score33 First: 25.02.2026 19:00 Last: 25.02.2026 19:00 Sources 1

About this happening: **Anthropic's Claude Code** has multiple disclosed flaws that can enable **remote code execution** and **API key theft** when developers open **untrusted repositories**. The issue...

SANDWORM_MODE supply-chain worm targeting AI assistant configs

Malware Activity
H score30 First: 23.02.2026 18:00 Last: 23.02.2026 18:00 Sources 1

About this happening: The **SANDWORM_MODE** worm is spreading through **malicious npm packages**, stealing **developer and CI credentials** and injecting rogue **MCP servers** into AI assistant configu...

Ghostscript OpenSC and CGIF memory corruption flaws memory corruption flaw

Vulnerability
H score0 First: 06.02.2026 07:49 Last: 06.02.2026 07:49 Sources 1

About this happening: **Ghostscript**, **OpenSC**, and **CGIF** were among the open-source libraries affected by a newly disclosed batch of **more than 500 previously unknown high-severity flaws**. The...

Timeline

  1. 16.04.2026 12:40 2 articles · 2mo ago

    Ox Security discloses MCP STDIO command execution flaw

    Initial Disclosure

    Ox Security disclosed a critical, systemic flaw in Anthropic’s model context protocol (MCP) that could allow arbitrary command execution through the STDIO interface and expose sensitive user data, internal databases, API keys, and chat histories across Anthropic’s official MCP SDKs in Python, TypeScript, Java, and Rust. The exposure was described as an architectural design decision, with Anthropic reportedly saying the behavior was by design and declining to modify the protocol; Ox Security said the issue could affect over 200 open source projects, 150 million downloads, 7000+ publicly accessible servers, and up to 200,000 vulnerable instances.

    Show sources