Subscribe

0

News

Tenable Report: AI tool MCP inspector hit by critical vulnerability

Tenable flags critical AI tool flaw (CVE-2025-49596) in MCP Inspector. Exploitable via web, it demands urgent updates to avoid data theft, malware and remote access.

author-image
DQC Bureau
New Update
AI tool MCP inspector hit by critical vulnerability

AI tool MCP inspector hit by critical vulnerability

Tenable Research has identified a severe remote code execution (RCE) vulnerability in Anthropic’s MCP Inspector, a widely used open-source tool in AI development workflows. The flaw, registered as CVE-2025-49596, has been assigned a CVSS score of 9.4, classifying it as critical. The issue arises from default insecure configurations, which could leave organisations exposed immediately upon deployment.

Advertisment

MCP Inspector enjoys broad adoption, with over 38,000 weekly downloads on npmjs and more than 4,000 GitHub stars. The vulnerability allows attackers to compromise systems by simply luring a user to visit a malicious website. No further interaction is required, making exploitation both simple and effective.

Once a system is compromised, attackers may gain persistent access, extract sensitive information including credentials and intellectual property, and move laterally across networks or install malware.

Rémy Marot, Staff Research Engineer at Tenable, urged immediate action: “This is not a vulnerability that can be ignored. Security teams and developers should upgrade MCP Inspector to version 0.14.1 or later without delay. The update addresses the issue by enforcing authentication, binding services to localhost, and restricting trusted origins, effectively closing off the most dangerous attack vectors.”

Advertisment

This incident highlights the importance of secure configuration when deploying open-source and AI tools, particularly in production environments. As AI becomes more deeply embedded in enterprise infrastructure, such vulnerabilities present a growing threat surface.

A detailed advisory and technical blog post by Tenable’s research team outlines the scope of the issue and offers guidance for mitigation. All users of MCP Inspector are strongly advised to review their current installations and apply the patch immediately to mitigate potential security risks. 

Read More : 

Advertisment

Zoom’s AI companion changing how we work with Agentic AI

Altimetrik names Sreenivas V as CFO for AI-first growth

Next-Gen ApeosPro and Revoria Printers Debut from Fujifilm

Advertisment

At the edge of innovation: India’s next phase of enterprise computing