MCP Authentication Flaws Enable Remote Code Execution in Claude Code and Gemini CLI
By stuxf
Summary
Security researchers discovered that connecting to a malicious MCP (Model Context Protocol) server via coding tools like Claude Code and Gemini CLI could allow attackers to gain remote code execution (RCE) on users' computers. The exploit leverages authentication flaws in the MCP protocol implementation, enabling attackers to execute arbitrary commands on victim machines. The article demonstrates the vulnerability by showing how an attacker could open the calculator app ("popping calc") on a target's computer through Claude Code, and warns that the exploit could be extended for more malicious purposes.
Key quotes
During our security testing, we discovered that connecting to a malicious MCP server via common coding tools like Claude Code and Gemini CLI could give attackers instant control over user computers.
"Popping calc" is a harmless way of showcasing remote code execution.
The exploits we found can be extended for malicious purposes beyond that.