Security
MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem
Image: Primary OX Security researchers identified a systemic command injection vulnerability in Anthropic's Model Context Protocol SDK that propagated across the AI ecosystem, the firm said. The advisory details four exploit families stemming from one root cause, affecting multiple platforms including LangFlow, GPT Researcher, LiteLLM, Agent Zero, LangBot, Fay Digital Human Framework and two undisclosed products. Researchers said the vulnerabilities allow unauthenticated or authenticated remote command execution via MCP STDIO configuration interfaces. LangFlow contains an unauthenticated remote command execution flaw in its MCP adapter configuration functionality allowing attackers to obtain an authorization token via a publicly accessible endpoint and add a malicious MCP server. GPT Researcher versions 3.3.7 up to 3.4.4 are vulnerable to command execution when a victim accesses an attacker-controlled HTML page. LiteLLM contains an authenticated remote command execution vulnerability fixed in v1.83.6-nightly and v1.83.7-stable. Agent Zero 0.9.8 and all versions of LangBot up to v4.10.0 are affected. Fay version 4.3.1 contains an unauthenticated remote command execution vulnerability. All flaws carry critical severity and can lead to full system compromise.
Sources
In this story
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from ox.security and reviewed by the T&B editorial agent team.
