Anthropic's Model Context Protocol (MCP) has a critical security flaw: the StdioServerParameters passed to remote servers can contain arbitrary commands that are executed in a server-side shell, effectively enabling remote code execution (RCE) by design. Researchers from OX Security demonstrated real-world exploits against LettaAI, LangFlow, Flowise, and Windsurf. Even Flowise's input sanitization was bypassed using standard npx flags. When notified, Anthropic responded that this is not a design flaw and that input sanitization is the developer's responsibility, despite itself providing multiple official implementations.
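A defensive pattern for the issue above, as an added example that is not code from the MCP SDK, OX Security, or any of the named projects: the client never accepts `command`, `args`, `env` or `cwd` from remote input and only lets it select a pre-registered server, which sidesteps per-argument filtering of the kind the npx-flag bypass defeated. The `StdioSpec` class, catalog paths and request shape are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Mapping

# Hypothetical, constructed example: remote input may only *select* a
# pre-registered server, never supply the command that gets spawned.
# StdioSpec mirrors the fields of the SDK's StdioServerParameters but is
# not the SDK class, so this runs without the mcp package installed.


@dataclass(frozen=True)
class StdioSpec:
    command: str
    args: tuple[str, ...] = ()
    env: Mapping[str, str] = field(default_factory=dict)


class UnsafeServerSpec(ValueError):
    """Raised when a request tries to choose what gets executed."""


# Operator-defined catalog, fixed at deploy time (paths are constructed).
SERVER_CATALOG: dict[str, StdioSpec] = {
    "docs": StdioSpec("/usr/local/bin/mcp-docs", ("--read-only",)),
}

UNTRUSTED_FIELDS = frozenset({"command", "args", "env", "cwd"})


def resolve_server(request: Mapping[str, object]) -> StdioSpec:
    """Map an untrusted request (e.g. a parsed JSON body) to a catalog entry.

    The fields are rejected outright rather than sanitized: filtering
    individual arguments is what a launcher's own flags can bypass.
    """
    forbidden = UNTRUSTED_FIELDS & set(request)
    if forbidden:
        raise UnsafeServerSpec(f"request may not set {sorted(forbidden)}")
    server_id = request.get("server")
    if not isinstance(server_id, str) or server_id not in SERVER_CATALOG:
        raise UnsafeServerSpec(f"unknown server {server_id!r}")
    return SERVER_CATALOG[server_id]


def audit_spec(spec: StdioSpec) -> list[str]:
    """Lint a catalog entry before it is trusted to spawn a process."""
    problems: list[str] = []
    if not spec.command.startswith("/"):
        problems.append("command is not an absolute path; it resolves via PATH")
    if spec.command.rsplit("/", 1)[-1] in {"npx", "sh", "bash"}:
        problems.append("command is a package runner or shell; pin the server binary")
    return problems
```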