Three security vulnerabilities have been found in mcp-server-git, an MCP server by Anthropic, allowing potential remote code execution through prompt injection. These flaws have been fixed in recent updates, but they highlight significant security concerns within the MCP ecosystem.
Keypoints
- The vulnerabilities include path traversal and argument injection issues in the mcp-server-git package.
- Exploiting these flaws could allow attackers to overwrite files and execute arbitrary code on the system.
- Security updates released in versions 2025.9.25 and 2025.12.18 have addressed the identified vulnerabilities.
- An attacker can chain the vulnerabilities with the Filesystem MCP server for remote code execution via prompt injection.
- The git_init tool has been removed, and enhanced validation measures have been implemented to prevent exploitation.
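The two bug classes named above, path traversal and argument injection, can be guarded against in a tool wrapper along the following lines. This is an added illustration, not code from mcp-server-git or its patches; the function names, the allowed-root model and the choice of a `diff` wrapper are assumptions made for the example.

```python
from pathlib import Path


class ValidationError(ValueError):
    """Raised when a tool argument fails validation."""


def resolve_repo_path(allowed_root: str, requested: str) -> Path:
    """Resolve `requested` and require the result to stay inside `allowed_root`."""
    root = Path(allowed_root).resolve()
    # resolve() collapses ".." segments and follows symlinks; joining with an
    # absolute `requested` discards `root`, which the containment check catches.
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValidationError(f"path escapes allowed root: {requested!r}")
    return candidate


def safe_ref(ref: str) -> str:
    """Reject values that git would parse as an option instead of a revision."""
    if not ref or ref.startswith("-"):
        raise ValidationError(f"ref looks like an option: {ref!r}")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in ref):
        raise ValidationError(f"ref contains whitespace or control bytes: {ref!r}")
    return ref


def build_diff_argv(allowed_root: str, repo: str, target: str) -> list[str]:
    """Build an argv list (no shell) for a hypothetical diff tool wrapper."""
    repo_path = resolve_repo_path(allowed_root, repo)
    # --end-of-options (git 2.24+) tells git that what follows is not an option,
    # a second layer on top of the leading-dash check in safe_ref().
    return ["git", "-C", str(repo_path), "diff", "--end-of-options", safe_ref(target)]
```

Passing the list to `subprocess.run` without `shell=True` keeps each element a single argument, so the checks above apply to exactly what git receives.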
Read More: https://thehackernews.com/2026/01/three-flaws-in-anthropic-mcp-git-server.html