Multiple Vulnerabilities In Anthropic Git Mcp Server Enable Remote Code

Git Mcp Server Mcp Servers Lobehub Critical prompt injection vulnerabilities in anthropic mcp git server lead to rce. see how attackers chain git filesystem mcp for code execution—and how to protect your ai agents. Three critical vulnerabilities in mcp server git, anthropic’s official model context protocol (mcp) server for git operations. these flaws enable attackers to execute arbitrary code, delete files, and exfiltrate sensitive data through prompt injection attacks without requiring direct system access.

Multiple Vulnerabilities In Anthropic Git Mcp Server Enable Remote Code These vulnerabilities, particularly when combined with the filesystem mcp server, could allow remote code execution or file tampering via prompt injection. reported in june 2025, these issues were patched by anthropic in december 2025 with version 2025.12.18. A set of three security vulnerabilities has been disclosed in mcp server git, the official git model context protocol (mcp) server maintained by anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. Anthropic has fixed three bugs in its official git mcp server that researchers say can be chained with other mcp tools to remotely execute malicious code or overwrite files via prompt injection. Security researchers at cyata have identified three vulnerabilities in mcp server git, anthropic’s official git model context protocol (mcp) server, that enable remote code execution through prompt injection attacks.

Multiple Vulnerabilities In Anthropic Git Mcp Server Enables Code Execution Anthropic has fixed three bugs in its official git mcp server that researchers say can be chained with other mcp tools to remotely execute malicious code or overwrite files via prompt injection. Security researchers at cyata have identified three vulnerabilities in mcp server git, anthropic’s official git model context protocol (mcp) server, that enable remote code execution through prompt injection attacks. Anthropic has fixed three bugs in its official git mcp server that researchers say can be chained with other mcp tools to remotely execute malicious code or overwrite files via prompt. This demonstrates how mcp’s interconnected architecture, combining git, filesystem, and llm capabilities, can amplify individual vulnerabilities into a complete system compromise. New research from cyata reveals that flaws in the servers connecting llms to local data via anthropic’s mcp can be exploited to achieve remote code execution and unauthorized file access. Three chained vulnerabilities in anthropic's own mcp server git: cve 2025 68145 (path validation bypass), cve 2025 68143 (unrestricted git init that can turn .ssh into a git repo), and cve 2025 68144 (argument injection in git diff).

Multiple Vulnerabilities In Anthropic Git Mcp Server Enables Code Execution Anthropic has fixed three bugs in its official git mcp server that researchers say can be chained with other mcp tools to remotely execute malicious code or overwrite files via prompt. This demonstrates how mcp’s interconnected architecture, combining git, filesystem, and llm capabilities, can amplify individual vulnerabilities into a complete system compromise. New research from cyata reveals that flaws in the servers connecting llms to local data via anthropic’s mcp can be exploited to achieve remote code execution and unauthorized file access. Three chained vulnerabilities in anthropic's own mcp server git: cve 2025 68145 (path validation bypass), cve 2025 68143 (unrestricted git init that can turn .ssh into a git repo), and cve 2025 68144 (argument injection in git diff).

Anthropic Git Mcp Server Vulnerabilities Involving Path Traversal And New research from cyata reveals that flaws in the servers connecting llms to local data via anthropic’s mcp can be exploited to achieve remote code execution and unauthorized file access. Three chained vulnerabilities in anthropic's own mcp server git: cve 2025 68145 (path validation bypass), cve 2025 68143 (unrestricted git init that can turn .ssh into a git repo), and cve 2025 68144 (argument injection in git diff).