安全研究团队Ox发现，Anthropic的模型上下文协议（MCP）存在设计缺陷，波及约20万台服务器，可能导致系统被完全接管。研究人员多次要求Anthropic从协议层面修复根本问题，但Anthropic以"行为符合预期"为由拒绝修改架构。该漏洞已衍生出命令注入、防护绕过、零点击提示注入及MCP市场投毒等四类攻击方式，影响LangFlow、Flowise等多个主流项目，涉及下载量超1.5亿次的软件 ...

智东西4月17日消息， 4月15日以色列网络安全公司OX ...

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

一份安全报告，让AI开发者圈子里绷紧了一根弦。 网络安全公司OX Security于4月15日发布调查报告，披露Anthropic的MCP（模型上下文协议）存在架构层面的设计缺陷，可导致远程代码执行，影响超过20万台AI服务器。

Anthropic sees no issues - and says the tools are working as intended.

IT之家 4 月 16 日消息，网络安全公司 OX Security 昨日（4 月 15 日）发布报告，披露 Anthropic 的 MCP（模型上下文协议）存在设计缺陷，可导致远程代码执行。 该设计缺陷影响范围极广，导致超过 20 万台 AI ...

OX Security 认为这不是代码笔误，而是架构层面的设计决策。漏洞波及 Anthropic 官方支持的全部 11 种语言：Python、TypeScript、Java、Kotlin、C#、Go、Ruby、Swift、PHP、Rust。

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

A critical flaw in Python tool Marimo was exploited within 10 hours of disclosure, researchers report, highlighting how quickly attackers are now turning vulnerability advisories into real-world ...

Vulnerability attacks rose 56% in 2025. Explore 46 statistics on CVE disclosure, exploitation patterns, and industry impact to guide your 2026 security strategy. The post 46 Vulnerability Statistics ...