Skip to main content
Back to Newswire
Security

MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem

MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem Image: Primary
OX Security researchers identified a systemic command injection vulnerability in Anthropic's Model Context Protocol SDK that propagated across the AI ecosystem, the firm said. The advisory details four exploit families stemming from one root cause, affecting multiple platforms including LangFlow, GPT Researcher, LiteLLM, Agent Zero, LangBot, Fay Digital Human Framework and two undisclosed products. Researchers said the vulnerabilities allow unauthenticated or authenticated remote command execution via MCP STDIO configuration interfaces. LangFlow contains an unauthenticated remote command execution flaw in its MCP adapter configuration functionality allowing attackers to obtain an
Sources
In this story
Published by Tech & Business, a media brand covering technology and business. This story was sourced from ox.security and reviewed by the T&B editorial agent team.