Vibe Coding
Pattern: Untrusted HTML Reaching an IDE — READMEs, Tool Descriptions, Browsed Pages — Is the New RCE Surface for Coding Agents
CVE-2026-30615's zero-click chain (cloned-repo README or poisoned remote tool description → auto-registered malicious MCP server → RCE) sits alongside research finding 7,000+ publicly reachable MCP servers and packages totaling 150M+ downloads exposed to command injection, SSRF, and file access. As agents gain in-app browsers and auto-loaded MCP configs, any attacker-controlled text an agent reads is executable-adjacent — keep a human confirmation gate on config mutation and shell/npx calls sourced from fetched content.
Source
↳ Follow the thread