Tuesday, 31 March, 2026
Critical RCE Vulnerability in Anthropic's MCP Inspector Puts Developers at Risk
By Isha
A high-severity flaw (CVE‑2025‑49596, CVSS 9.4) in Anthropic’s MCP Inspector—its browser-based debugging tool—allowed attackers to achieve remote code execution by chaining a browser 0.0.0.0-day exploit with a CSRF vulnerability. This could enable full host takeover, including data theft, backdoors, and lateral movement. Anthropic patched the bug in version 0.14.1 by adding session tokens and origin validation—developers should upgrade immediately.
Read full story at The Hacker News