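In June 2025, the Oligo security research team disclosed CVE-2025-49596, a high-severity remote code execution (RCE) vulnerability in MCP Inspector, the core debugging tool of Anthropic's Model Context Protocol (MCP) framework. The vulnerability has a CVSS score of 9.4; an attacker needs only a browser tab to take full control of the developer's ...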
There is a critical security vulnerability in Anthropic's MCP Inspector, a debugging tool for MCP servers. It allows malicious code to be executed. In a blog post, the discoverers of the Oligo ...
A misconfigured default in the MCP Inspector tool allows attackers to execute arbitrary commands via CSRF and legacy browser flaws, posing serious risks to AI developers and enterprise systems. A ...
Two critical remote code execution vulnerabilities in the Model Context Protocol (MCP) ecosystem have laid bare the hidden risks lurking in what's quickly becoming AI's new backbone infrastructure.
Microsoft's AI Toolkit extension for VS Code now includes a Tool Catalog that can scaffold a Python or TypeScript MCP server with the core transport and registration plumbing already set up. In ...
"MCP is a key component to AI standardization, but Jitterbit understands that critical, real-time security measures are needed as shadow AI spreads," said Jitterbit President and CEO Bill Conner. "For ...