MCP attack abuses predictable session IDs to hijack AI agents

by
from The Register on (#70XHW)
Story ImageThe vuln affects the Oat++ MCP implementation

A security flaw in the Oat++ implementation of Anthropic's Model Context Protocol (MCP) allows attackers to predict or capture session IDs from active AI conversations, hijack MCP sessions, and inject malicious responses via the oatpp-mcp server....

External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title The Register
Feed Link https://www.theregister.com/
Feed Copyright Copyright © 2025, Situation Publishing
Reply 0 comments