1. Forum
  2. tqwNet
  3. TQW GENTECH

  • 'This is not a traditional coding error': Experts flag potentiall

    From TechnologyDaily@1337:1/100 to All on Thursday, April 16, 2026 13:15:25
    'This is not a traditional coding error': Experts flag potentially critical security issues at the heart of Anthropic's MCP, exposes 150 million
    downloads and thousands of servers to complete takeover

    Date:
    Thu, 16 Apr 2026 12:05:00 +0000

    Description:
    Anthropic sees no issues - and says the tools are working as intended.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Ox researchers warn Anthropics Model Context Protocol has systemic RCE flaw Vulnerability baked into MCP SDKs across Python, TypeScript, Java, Rust 200,000+ instances exposed; Anthropic says behavior is expected Security researchers Ox have claimed Anthropics Model Context Protocol (MCP) contains a critical, systemic vulnerability which puts hundreds of thousands of instances at risk of remote code execution (RCE).

    Anthropic, on the other hand, allegedly said the system works as intended.
    MCP is a standard that lets AI tools securely connect to external data
    sources and apps. It is a vital component of any model because without it, it can only rely on the data it was trained on. The standard is used by both AI companies and developers building AI tools, and it is seen in both OpenAI and DeepMind products, as well as Anthropics own Claude apps. Article continues below You may like Anthropic's official Git MCP server had some worrying security flaws - this is what happened next Security experts flag multiple issues in Claude Code, warning, 'As AI integration deepens, security controls must evolve to match the new trust boundaries' LangChain framework hit by several worrying security issues Millions are affected In its findings, Ox researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, and Roni Bar, said that what they found in MCP was not a traditional coding error, but an architectural design decision baked into Anthropics official MCP SDKs across every supported programming language, including Python, TypeScript, Java, and Rust.

    Any developer building on the Anthropic MCP foundation unknowingly inherits this exposure, they warned.

    Ox said the flaw can be triggered in different ways, from unauthenticated UI injection, to hardening bypasses in protected environments; and from zero-click prompt injection in leading AI IDEs, to malicious marketplace distributions .

    They claim to have successfully executed commands on six live production platforms and identified critical vulnerabilities in industry staples like LiteLLM, LangChain, and IBMs LangFlow. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me
    with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    The researchers said more than 7,000 publicly accessible servers and up to 200,000 instances are now vulnerable. So far, theyve issued 10 CVEs and
    helped remedy the bugs. However, the root cause remains unaddressed at the protocol level.

    Ox also said it reached out to Anthropic and recommended root patches, to which the company said the MCPs behavior is expected. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-is-not-a-traditional-coding-error- experts-flag-potentially-critical-security-issues-at-the-heart-of-anthropics-m cp-exposes-150-million-downloads-and-thousands-of-servers-to-complete-takeover


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)