MAY 4, 2026

Tag

#anthropic

1 post tagged #anthropic.

Analysis · May 1, 2026 · Victor Hayes

Anthropic's MCP gives every downstream app unauthenticated RCE, and they called it expected behavior

The Model Context Protocol's STDIO transport passes user input directly into subprocess execution with no sanitization. OX Security found 14+ CVEs across the ecosystem. Anthropic declined to patch.