
From MCP to shell: MCP auth flaws enable RCE in Claude Code, Gemini CLI and more


How MCP Authentication Flaws Enable RCE in Claude Code, Gemini CLI, and More

In this blog post, we exploit this attack surface to varying degrees of success across different applications, including Cloudflare’s use-mcp client library, Anthropic’s MCP Inspector, Claude Code, Gemini CLI, and (almost) ChatGPT itself. Since we can force arbitrary client-side JavaScript execution, any user connecting to an MCP server via the use-mcp library could have been vulnerable to exploits such as session hijacking and account takeover. As multiple tools including MCP Inspector consume this SDK, this single upstream change improved security across the entire ecosystem instantly.
