Security experts discovered a critical-severity vulnerability in Anthropic's Model Context Protocol (MCP) Inspector project, allowing potential remote code execution attacks against host devices.
The flaw in the Inspector tool could have been exploited by hackers to steal data, deploy malware, and move laterally within networks.
Exploitation required chaining the Inspector flaw with a decades-old browser bug.
Anthropic addressed the flaw, tracked as CVE-2025-49596, in mid-June 2025 by issuing a patch to version 0.14.1, which added a session token and origin validation as preventive measures.