Anthropic Git Mcp Server Found Vulnerable To Code Execution Attacks

Multiple Vulnerabilities In Anthropic Git Mcp Server Enable Remote Code New research from cyata reveals that flaws in the servers connecting llms to local data via anthropic’s mcp can be exploited to achieve remote code execution and unauthorized file access. Three critical vulnerabilities in mcp server git, anthropic’s official git model context protocol (mcp) server. the flaws enable attackers to execute arbitrary code, delete files, and read sensitive data through prompt injection attacks without requiring direct system access.

Multiple 0 Day Vulnerabilities In Anthropic Git Mcp Server Enables Code A set of three security vulnerabilities has been disclosed in mcp server git, the official git model context protocol (mcp) server maintained by anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. Critical prompt injection vulnerabilities in anthropic mcp git server lead to rce. see how attackers chain git filesystem mcp for code execution—and how to protect your ai agents. These vulnerabilities, particularly when combined with the filesystem mcp server, could allow remote code execution or file tampering via prompt injection. reported in june 2025, these issues were patched by anthropic in december 2025 with version 2025.12.18. Anthropic has fixed three bugs in its official git mcp server that researchers say can be chained with other mcp tools to remotely execute malicious code or overwrite files via prompt injection.

Anthropic Git Mcp Server Found Vulnerable To Code Execution Attacks These vulnerabilities, particularly when combined with the filesystem mcp server, could allow remote code execution or file tampering via prompt injection. reported in june 2025, these issues were patched by anthropic in december 2025 with version 2025.12.18. Anthropic has fixed three bugs in its official git mcp server that researchers say can be chained with other mcp tools to remotely execute malicious code or overwrite files via prompt injection. Vulnerabilities in servers implementing anthropic’s model context protocol (mcp) could allow attackers to perform remote code execution and access sensitive files by manipulating an. The flaws stem from insufficient input validation and argument sanitization in core git operations. through prompt injection, attackers can execute code, delete files, and exfiltrate sensitive data without direct system access. patches are available in version 2025.12.18 and later. Three security vulnerabilities in anthropic’s mcp server git package could allow reading or deleting arbitrary files and, in a chained scenario, remote code execution. I discovered two vulnerabilities in anthropic’s filesystem mcp server that undermine its security, allowing attackers to access sensitive data, manipulate files, and even execute malicious code, potentially leading to system takeovers. as mcp’s adoption soars, these flaws demand immediate attention.