Critical RCE Vulnerability in Anthropic's MCP Inspector Puts Developers at Risk

Sunday, 20 July

Monday, 7 July, 2025

Critical RCE Vulnerability in Anthropic's MCP Inspector Puts Developers at Risk

A high-severity flaw (CVE‑2025‑49596, CVSS 9.4) in Anthropic’s MCP Inspector—its browser-based debugging tool—allowed attackers to achieve remote code execution by chaining a browser 0.0.0.0-day exploit with a CSRF vulnerability. This could enable full host takeover, including data theft, backdoors, and lateral movement. Anthropic patched the bug in version 0.14.1 by adding session tokens and origin validation—developers should upgrade immediately.

Read full story at The Hacker News

Tags:debugging Anthropic remote code

Categories

Critical RCE Vulnerability in Anthropic's MCP Inspector Puts Developers at Risk

Also Read

Microsoft Expands Copilot Vision to Scan Entire Windows Desktop for Real-Time AI Assistance

Trump to Resolve “Crypto Week” Deadlock After House GOP Rifts

Sarvam AI To Open-Source IndiaAI Mission Models To Boost Local AI Innovation

Meta Patches AI Bug That Exposed Private User Prompts and Responses

India Inc Embraces Autonomous AI, Moving Beyond Isolated Pilots

Indians Invest $150M–$200M as Bitcoin Surges to All-Time High

OpenAI Expands Compute Reach, Partners with Google Cloud Beyond Microsoft

Trump Signs GENIUS Act, Creating First U.S. Stablecoin Framework

Perplexity AI Eyes Mobile Dominance by Pre-Installing Comet AI Browser with OEMs

Subscribe To Our Newsletter.