mochkil "Design" khatir f'MCP dyal Anthropic kay-khelli l-AI f'khatar dyal Remote Code Execution (RCE)
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
mochkil "Design" khatir f'MCP dyal Anthropic kay-khelli l-AI f'khatar dyal Remote Code Execution (RCE)
TL;DR (l-khulasa)
Ba7itin lqaw wa7ed l-moshkil khatir (vulnerability) f't-tsmim dyal "Model Context Protocol (MCP)" dyal Anthropic, li kay-khelli l-hiyakira y-diru "Remote Code Execution" (RCE). Had l-khallal jay men l-SDKs l-rasmiyin dyal l-protocol w l-tariqa bash kay-t’amal m3a l-STDIO transport interfaces. Wakha had l-moshkil m’atter 3la kter men 7,000 server w 150 melyon download f'itārāt l-AI l-kbayr b7al LangChain w LiteLLM, Anthropic rfedat t-beddel l-architecture, w qalu beli had t-tsarruf 3adi w dakhul f t-tsmim dyalhom.
Nadra 3amma 3la l-khallal f'MCP
Wa7ed l-fariq dyal l-ba7itin f'l-amn s-syberni men "OX Security" kshfu 3la wa7ed l-nuqtat d-do3f sistematikiya f'l-Model Context Protocol (MCP), li huwa "open standard" t-dar bash y-shrek l-moodelat dyal l-AI m3a l-masadir dyal l-data w l-adawat. Had l-vulnerability mashi ghir ghalat f'l-kod, walakin hiyya moshkil f'l-bina' (architectural flaw) li kayna f'l-SDKs l-rasmiyin dyal Anthropic l-khassa b Python, TypeScript, Java, w Rust.
Had l-khallal kay-smah b'Arbitrary Command Execution (RCE) f'l-andima li khadama b'MCP. Ila tstaghlat had l-thaghra, l-hiyakira yqdru y-ouslu l-data dyal l-users l-khassa, l-databases l-dakhliya, l-API keys, w l-history dyal l-chat.
Mada l-ta'tir
Had l-intihar l-wasse3 dyal MCP khlaq wa7ed l-athat "cascading" 3la l-silsila dyal l-imdad (supply chain) dyal l-AI. Ba7itin OX Security—Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, w Roni Bar—lahdu beli l-vulnerability m’attera 3la:
- Kter men 7,000 server w packages dyal l-programmes li mftu7in l-l-3oumoum.
- Kter men 150 melyon download 7ta l-daba.
L-moshkil jay men l-i3dadat l-ifttiradiya (unsafe defaults) li mashi amna f'tariqat khidmet MCP m3a l-interface dyal STDIO (standard input/output). Had l-interface kant madaura f'l-asl bash t-sh3el local servers w t-3ti "handle" l-l-LLM. Walakin, l-ba7itin lqaw beli had l-implémentation t-smah l-ay amr (OS command) y-tnefed. Ila l-amr kan server STDIO, kay-khdem; w ila kan chi amr akhor, kay-tnefed w men ba3d kay-3ti error.
L-mashari3 l-madrura w CVEs
Had l-ba7t adda l-iktifshaf 10 dyal l-vulnerabilities f'mashari3 AI mshhoura. Wakha chi shirikat daru patches (isla7at), l-khatar baqi kayen l-duk li khaddamin b'l-version l-asliya li mazal ma t-sal7atsh.
Aham l-mashari3 li t'atrat:
- LiteLLM (CVE-2026-30623) - T-salla7
- DocsGPT (CVE-2026-26015) - T-salla7
- Bisheng (CVE-2026-33224) - T-salla7
- GPT Researcher (CVE-2025-65720)
- LangChain-Chatchat (CVE-2026-30617)
- Flowise (CVE-2026-40933)
- Windsurf (CVE-2026-30615)
- Agent Zero (CVE-2026-30624)
Zid 3lihom, taqarir mustaqilla f'had l-3am l-fayet lqat mashakil b7al hadi f'adawat b7al Cursor (CVE-2025-54136) w LibreChat (CVE-2026-22252).
Toroq l-hujum (Attack Vectors)
L-ba7itin qasmu toroq l-istighlal l-arb3a d l-anwa3:
- Command injection (m'authéntifié aw la) 3abr l-interface dyal MCP STDIO.
- Hardening bypass 3abr l-config dyal STDIO l-mubashira.
- Zero-click prompt injection li kay-khdem bash y-3del l-config d MCP.
- Network requests 3abr MCP marketplaces li kay-sh3lu config dyal STDIO mkhabya.
Radd f3al Anthropic w khatar l-Supply Chain
Raghma had l-nata'ij, Anthropic rfedat t-beddel l-bina' dyal l-protocol, w qalu beli had t-tsarruf "expected" (mutawaqqa3).
Had l-mawquf dar intiqad kbir men "OX Security". L-ba7itin tay-qulu beli ila bqat l-implémentation l-asliya bla t-ghyir, l-moukharijin ghadi y-bqa 3ndhom khatar kbir. "Li khlla hadshi y-uoulli 'supply chain event'... huwa ana qarar wa7ed f'l-architecture t-dar merra wa7da, w t-shra f'ga3 l-lughat, l-libraries, w l-mashari3," hadshi li qalu l-ba7itin. W zadu beli had l-mas'ouliya li rawha l-duk li kay-st3mlu MCP ma-ghadish t-7iyd l-khatar, ghir ghadi t-ghatti l-asl dyalo.
Recommendations dyal l-himaya
Bash t-7mi l-andima dyalk men had l-moshkil li f't-tsmim, l-mounadamāt w l-moukharijin khasshom:
- Block Public Access: Ma t-khallish l-IPs l-3oumoumiya t-oussel l-khidamat l-7assama.
- Monitor Invocations: Raqeb mezian ga3 l-calls dyal MCP tools.
- Sandboxing: Khdem b'khidamat MCP f'andima d'sandbox m7duda.
- Input Validation: T-3amel m3a ga3 l-inputs d configuration d MCP l-kharijiya b'anna data ma-moushuqash.
- Verified Sources: Installi w dmeg ghir MCP servers li jayyin men masadir moutawaqqa3 fiha w ma3roufa.
L-masdar: The Hacker News - Anthropic MCP Design Vulnerability Enables RCE