MCP Servers Enable Arbitrary Code Execution and Data Theft

Model Context Protocol (MCP) servers face serious security flaws that let attackers run code and steal data. Launched by Anthropic in November 2024, MCP connects AI agents to external systems. Attackers now exploit this bridge for “machine-in-the-middle” attacks on local or SaaS-hosted servers. Praetorian researchers found these gaps in February 2026 using MCPHammer validation tool. […] The post MCP Servers Enable Arbitrary Code Execution and Data Theft appeared first on VPN Central.