Command injection vulnerability in Claude Code's MCP server

A vulnerability was found in the MCP server component of the Claude LLM, allowing arbitrary command execution through malicious server configurations.

Updated: 4/1/2026

Fix the vulnerability by implementing proper input validation on MCP server arguments before passing them to spawn().
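
One way to apply this validation before calling spawn(), as an added example that is not Claude Code's or this page's own code. The config shape `{ command, args }`, the allowlist contents and every function name here are assumptions.

```javascript
// Added example: names and config shape are assumptions, not Claude Code's code.
const ALLOWED_COMMANDS = new Set(['node', 'python3']); // assumed operator allowlist
const SHELL_META = /[;&|`$<>\n\r\0]/;                  // characters a shell would interpret
// Flags that make an interpreter run code taken from argv (conservative list).
const INLINE_CODE_FLAGS = new Set(['-e', '--eval', '-p', '--print', '-c']);

// Returns { ok: true } or { ok: false, reason } for a config of the
// assumed shape { command: string, args: string[] }.
function validateServerConfig(cfg) {
  if (!cfg || typeof cfg.command !== 'string' || !Array.isArray(cfg.args)) {
    return { ok: false, reason: 'malformed config' };
  }
  // Exact-name match: rejects paths and strings such as "node; id".
  if (!ALLOWED_COMMANDS.has(cfg.command)) {
    return { ok: false, reason: 'command not allowlisted' };
  }
  for (const arg of cfg.args) {
    if (typeof arg !== 'string') return { ok: false, reason: 'non-string argument' };
    if (SHELL_META.test(arg)) return { ok: false, reason: 'shell metacharacter in argument' };
    // "--eval=..." counts too, so compare the part before "=".
    if (INLINE_CODE_FLAGS.has(arg.split('=')[0])) {
      return { ok: false, reason: 'inline-code flag' };
    }
  }
  return { ok: true };
}

// Validate first, then spawn without a shell so argv is never re-parsed.
async function launchServer(cfg) {
  const verdict = validateServerConfig(cfg);
  if (!verdict.ok) throw new Error(`refusing to start MCP server: ${verdict.reason}`);
  // Dynamic import works from both CommonJS and ES modules.
  const { spawn } = await import('node:child_process');
  return spawn(cfg.command, cfg.args, { shell: false, stdio: ['pipe', 'pipe', 'inherit'] });
}

// Constructed sample configurations, checked without launching anything.
const SAMPLES = [
  { command: 'node', args: ['server.js', '--port=0'] },
  { command: 'node', args: ['server.js; echo injected'] },
  { command: 'sh', args: ['-c', 'server'] },
  { command: 'node', args: ['--eval=1'] },
];
const RESULTS = SAMPLES.map(validateServerConfig);
```

The character and flag lists are deliberately conservative and not exhaustive; the allowlist plus `shell: false` carry most of the protection.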
