Post · bonfire.cafe

Post

Log in

@AAKL@infosec.exchange · 19 hours ago

New.

Cyata Research: Breaking Anthropic’s Official MCP Server https://cyata.ai/blog/cyata-research-breaking-anthropics-official-mcp-server/

mcp-server-git 2026.1.14 https://pypi.org/project/mcp-server-git/

More:

The Hacker News: Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution https://thehackernews.com/2026/01/three-flaws-in-anthropic-mcp-git-server.html @thehackernews #infosec #Anthropic #vulnerability

The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some cases, lead to RCE.

Client Challenge

Cyata | The Control Plane for Agentic Identity

Cyata Research: Breaking Anthropic's Official MCP Server - Cyata | The Control Plane for Agentic Identity

How We Found Code Execution in Anthropic’s Official Git MCP Server TL;DR What happened: Cyata discovered three security vulnerabilities in mcp-server-git, the official Git MCP server maintained by Anthropic. These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, […]

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1 no JS en

Automatic federation enabled

Log in