{"data":{"id":"bbabcdda-ac47-4dd9-804d-68c05fe97c78","title":"RCE by design: MCP architectural choice haunts AI agent ecosystem","summary":"AI agent tools that use Model Context Protocol (MCP, a method for applications to expose data and tools to AI systems) over STDIO (a local communication method) have unsafe default settings that allow remote code execution, where attackers can run commands on systems they don't own. Anthropic and other framework developers argue that client application developers are responsible for filtering malicious commands, but researchers found that most developers either don't filter these commands or fail to catch all bypass techniques, leaving thousands of public servers and commercial systems vulnerable.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4159889/rce-by-design-mcp-architectural-choice-haunts-ai-agent-ecosystem.html","publishedAt":"2026-04-16T22:14:04.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","LangChain","Microsoft"],"affectedVendorsRaw":["Anthropic","Model Context Protocol (MCP)","LangChain","FastMCP","Microsoft","NVIDIA","Amazon","OpenAI","Google","Cursor","Claude","Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-16T22:14:04.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}