TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Security researchers at Ox have disclosed a design flaw in Anthropic's Model Context Protocol (MCP) that puts approximately 200,000 servers at risk of complete takeover. The root issue lies in how MCP uses STDIO as a local transport mechanism, effectively allowing arbitrary OS command execution. This spawns four vulnerability classes: unauthenticated command injection, hardening bypass injection, zero-click prompt injection in AI IDEs (Windsurf, Cursor, Claude Code, GitHub Copilot, Gemini-CLI), and malicious MCP marketplace entries. Despite 10 high/critical CVEs issued for individual tools and repeated responsible disclosure attempts, Anthropic declined to patch the protocol architecture, calling the behavior 'expected.' Ox argues a single architectural fix at the protocol level could have protected software packages with over 150 million downloads.

MCP 'design flaw' puts 200k servers at risk: Researcher