According to The Hacker News, security researchers have uncovered a critical “by design” weakness in the Model Context Protocol (MCP) architecture that could enable remote code execution and ripple through the AI supply chain. The flaw affects Anthropic’s official MCP SDK across languages such as Python, TypeScript, Java and Rust, with the researchers stating it could impact more than 7,000 publicly accessible servers and software packages totalling over 150 million downloads.
The findings enumerate ten vulnerabilities linked to MCP’s unsafe defaults over the STDIO transport, including CVE-2025-65720 and CVE-2026-30623 among others, some of which have been patched while others remain unpatched. OX Security characterised the issue as a supply chain event rather than a single CVE, noting that Anthropic has declined to modify the protocol’s architecture, calling the current behaviour “expected” but leaving the risk unaddressed in the MCP reference implementation.
The article, published on 20 April 2026, also advises mitigations such as blocking public IP access to sensitive services, sandboxing MCP-enabled services, treating external MCP input as untrusted and only installing MCP servers from verified sources.