CVE

CVE-2026-40933

1field note · 1digest CVSS 9.9

Field notes

Analysis · May 1, 2026 · The Commentary Desk
Anthropic's MCP gives every downstream app unauthenticated RCE, and they called it expected behavior
The Model Context Protocol's STDIO transport passes user input directly into subprocess execution with no sanitization. OX Security found 14+ CVEs across the ecosystem. Anthropic declined to patch.

Daily digests

Flowise's "Custom MCP" feature lets any authenticated user add a stdio-based MCP server with an arbitrary command. The input sanitization checks are easy to bypass: you can pass something like 'npx -c touch /tmp/pwn' through the allow-listed 'npx' command. That gives you OS-level command execution on the Flowise host. You need a valid login, but any user role can pull it off.

Daily Digest · Apr 22, 2026
AVideo CVSS 10 + Firefox DOM bypass, 5 critical fixes