Anthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code Remotely

A newly disclosed vulnerability in Anthropic’s Model Context Protocol (MCP) Inspector tool has sent shockwaves through the AI development community, exposing a critical attack vector that could allow hackers to execute arbitrary code on developers’ machines—simply by luring them to a malicious website.

CVE-2025-49596: A Critical Threat

Tracked as CVE-2025-49596 and carrying a CVSS score of 9.4, this flaw was discovered by Oligo Security Research and affects all versions of MCP Inspector prior to 0.14.1.

The vulnerability stems from a lack of authentication between the Inspector’s client and its proxy server, enabling unauthenticated requests to trigger arbitrary commands via the tool’s standard input/output interface.

How the Exploit Works

The MCP Inspector is widely used for debugging and testing MCP servers, which are foundational for AI agent collaboration across platforms like Python and JavaScript.

By default, MCP Inspector runs an HTTP server on ...