Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks
A critical architectural vulnerability in Anthropic’s Model Context Protocol (MCP) SDK exposes over 150 million downloads to remote code execution (RCE) attacks, potentially compromising up to 200,000 servers. Identified by OX Security, the flaw enables attackers to take full control of affected environments, gaining access to sensitive data and internal systems; despite recommendations, Anthropic has not applied a protocol-level fix, leaving several projects vulnerable.





