July 1, 2025 // Vulnerability | #CVE-2025-49596 #Remote Code Execution #0.0.0.0 Day

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits - The Hacker News

A critical remote code execution (RCE) vulnerability, CVE-2025-49596 (CVSS 9.4), has been identified in Anthropic's Model Context Protocol (MCP) Inspector, exposing developer machines to compromise. Attackers can exploit this by chaining a browser flaw dubbed "0.0.0.0 Day" with a CSRF vulnerability in the Inspector, leveraging default settings that lack authentication and encryption.

