Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
By Ravie Lakshmanan | Apr 20, 2026 | Artificial Intelligence / Vulnerability
What’s new
Researchers have identified a critical design vulnerability in Anthropic’s Model Context Protocol (MCP) that allows for remote code execution (RCE) on systems using vulnerable MCP implementations. This flaw affects over 7,000 servers and software packages, potentially exposing sensitive data and API keys. The vulnerabilities stem from unsafe defaults in MCP’s STDIO transport interface, leading to multiple CVE entries, including CVE-2025-65720 and CVE-2026-30623 (patched).
Who’s affected
Any system running a vulnerable implementation of Anthropic’s MCP SDK across various programming languages (Python, TypeScript, Java, Rust) is at risk. This includes popular projects like LiteLLM, LangChain, and Flowise, which have been found to contain vulnerabilities that allow for arbitrary command execution.
What to do
- Block public IP access to sensitive services.
- Monitor MCP tool invocations for suspicious activity.
- Run MCP-enabled services in a sandboxed environment.
- Treat external MCP configuration inputs as untrusted.
- Only install MCP servers from verified sources.
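
One way to apply "treat external MCP configuration inputs as untrusted" to STDIO servers, which are launched as local subprocesses from a configured command and arguments. This is an added example, not code from the article or from any MCP SDK. It assumes the `mcpServers` JSON layout used by common MCP clients; the allowlist contents, paths and function names are hypothetical.

```python
import json

# Hypothetical allowlist: server name -> (reviewed executable, reviewed args).
ALLOWED_SERVERS = {
    "files": ("/opt/mcp/bin/files-server", ["--root", "/srv/shared"]),
}
ALLOWED_ENV_KEYS = {"LOG_LEVEL"}  # hypothetical; all other env keys are refused


def validate_stdio_entry(name, entry):
    """Return the reasons this STDIO server entry must not be launched."""
    if name not in ALLOWED_SERVERS:
        return [f"{name}: server is not on the allowlist"]
    if not isinstance(entry, dict):
        return [f"{name}: entry must be an object"]
    allowed_cmd, allowed_args = ALLOWED_SERVERS[name]
    problems = []
    if entry.get("command") != allowed_cmd:
        problems.append(f"{name}: command differs from the reviewed binary")
    if entry.get("args", []) != allowed_args:
        problems.append(f"{name}: args differ from the reviewed arguments")
    env = entry.get("env", {})
    extra = set(env) - ALLOWED_ENV_KEYS if isinstance(env, dict) else {"<env>"}
    if extra:
        problems.append(f"{name}: env keys not permitted: {sorted(extra)}")
    return problems


def validate_config(raw_json):
    """Parse an externally supplied config and collect every violation."""
    try:
        config = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON: {exc.msg}"]
    servers = config.get("mcpServers") if isinstance(config, dict) else None
    if not isinstance(servers, dict):
        return ["config has no mcpServers object"]
    problems = []
    for name, entry in servers.items():
        problems.extend(validate_stdio_entry(name, entry))
    return problems


# Constructed sample inputs (not taken from any real deployment).
REVIEWED = '{"mcpServers": {"files": {"command": "/opt/mcp/bin/files-server", "args": ["--root", "/srv/shared"]}}}'
TAMPERED = '{"mcpServers": {"files": {"command": "/bin/sh", "args": ["-c", "echo constructed"], "env": {"LD_PRELOAD": "x"}}}}'

if __name__ == "__main__":
    print(validate_config(REVIEWED))   # no violations
    print(validate_config(TAMPERED))   # command, args and env are all refused
```

Launch a server only when `validate_config` returns an empty list, and log the returned reasons otherwise so rejected configurations are visible to monitoring.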



