ATLA WIRE

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

22.01.2026
17466
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Three vulnerabilities in Anthropic's MCP Git server allow prompt injection attacks that can read or delete files and, in some cases, lead to remote code execution.

🚨 AI Git Server Has Holes — RCE, File Theft, Prompt Injection

Anthropic's MCP Git server just got exposed — three critical flaws let attackers pull off prompt injection attacks, read or delete files, and in some cases, execute remote code. This isn't just a bug; it's a full-blown backdoor into AI infrastructure.
The vulnerabilities, discovered by security researchers, allow malicious actors to manipulate the server's prompt handling, leading to path traversal and arbitrary command execution. Translation: if you're using this server, your codebase and sensitive files are at risk.
  • Prompt injection attacks can bypass security controls
  • Attackers can read or delete files on the server
  • Remote code execution (RCE) is possible in certain configurations
  • Path traversal flaws expose directory structures
This is a classic case of AI tools inheriting traditional security flaws — Git servers aren't new, but hooking them up to AI models creates fresh attack surfaces. If you're deploying Anthropic's MCP in production, patch immediately or risk getting compromised.
The flaws are tagged under CVE identifiers (not yet assigned in this preview) and affect versions prior to the latest security update. Anthropic has released patches, but adoption lag means many instances remain vulnerable.

Three vulnerabilities in Anthropic's MCP Git server allow prompt injection attacks that can read or delete files and, in some cases, lead to remote code execution.

Bottom line: AI infrastructure security is still playing catch-up. These aren't theoretical risks — they're live exploits waiting to happen. If you're in DevOps or security, audit your MCP deployments now. This is why we can't have nice AI things without proper hardening.
#RCE vulnerabilities#AI security#prompt injection#security patches#CVE vulnerabilities
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
Banner | ATLA WIRE