{"data":{"id":"4f60a9f6-96d5-4ab6-8ad5-b0318045ea2f","title":"‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks","summary":"Researchers have identified a flaw, described as ‘by design’, in Anthropic's Model Context Protocol (MCP, a system that allows AI models to interact with external tools and data) that permits unsanitized commands (commands passed through without being cleaned or verified) to run without warning, potentially giving attackers complete control over systems using this AI technology. This vulnerability could be exploited across many widely used AI environments as part of a supply chain attack (where attackers compromise a tool or service used by many organizations to gain access to their systems).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/","publishedAt":"2026-04-15T13:34:48.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Model Context Protocol (MCP)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-15T13:34:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}