
CVE-2025-49596: Anthropic MCP Inspector RCE Explained
CVE-2025-49596 (CVSS 9.4 Critical): unauthenticated RCE in Anthropic's MCP Inspector. How the proxy architecture failed, the patch (v0.14.1), and lessons for MCP dev tools.
AI security, MCP server reviews, and red-team write-ups across smart contracts, dApps, and Web2 infrastructure.

CVE-2025-54136 (MCPoison) and CVE-2025-54135 (CurXecute): tool descriptor injection and workspace-file-write RCE in Cursor IDE's MCP layer. Mechanism, impact, fixes.
Inside the April 2026 Anthropic MCP SDK design flaw: STDIO transport allows config-to-command-execution across Python, TypeScript, Java, Rust SDKs — by design.
OWASP ASI04 (Agentic Supply Chain Vulnerabilities) explained: MCP Impersonation, malicious tools, trojanised connectors. Real CVEs, attack patterns, mitigations.
Complete MCP vulnerability index: 16 disclosed breaches and 14+ CVEs since April 2025 across Anthropic, Cursor, Postmark — with OWASP ASI04 patterns. Updated weekly.
Secure your MCP servers against prompt injection, credential theft, and supply chain attacks. A practical hardening guide for identity, transport, and runtime.
Long-form MCP security guide covering 24 critical checks for AI agents and MCP servers. Learn breach patterns, tool poisoning risks, prompt injection defenses, and hardening priorities.