Skills
MCP Protocol-Level Design Flaw Affects 7,000+ Servers and 150M Downloads: Anthropic Declines Fix, Calls Behavior 'Expected'
OX Security and multiple research teams disclosed a systemic vulnerability baked into Anthropic's official MCP SDK across Python, TypeScript, Java, and Rust — unsanitized commands execute silently, enabling full system compromise. Over 7,000 publicly accessible servers and packages totaling 150M+ downloads are affected. Anthropic has declined to modify the protocol's architecture, calling it 'expected behavior,' while The Register reports 200K servers at risk and individual vendors patch independently.
↳ Follow the thread