Anthropic’s Git MCP server flaws enable prompt-injection RCE risk; update ASAP

Three critical flaws in Anthropic's mcp-server-git enable file access and potential RCE — update now.

  • Three security flaws were disclosed in mcp-server-git, the official Git MCP server maintained by Anthropic.
  • Vulnerabilities allow path traversal, argument injection, file overwrite, and could lead to remote code execution when combined with other MCP servers.
  • The issues were fixed in releases 2025.9.25 and 2025.12.18; users are advised to update and remove exposed tools.

On Jan. 20, 2026, three vulnerabilities were disclosed in the Python package mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic. The flaws could let an attacker read or delete arbitrary files and, under certain conditions, execute code on the host system.


Cyata researcher Yarden Porat warned about exploitability through prompt injection. According to the report, “These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, a compromised webpage) can weaponize these vulnerabilities without any direct access to the victim’s system.”

The package provides built-in tools that let large language models read, search, and manipulate Git repositories programmatically. The maintainers addressed the issues in versions 2025.9.25 and 2025.12.18 after responsible disclosure in June 2025.

The three tracked vulnerabilities are:
  • CVE-2025-68143 — path traversal via the git_init tool (CVSS v3: 8.8; fixed in 2025.9.25).
  • CVE-2025-68144 — argument injection in git_diff and git_checkout (CVSS v3: 8.1; fixed in 2025.12.18).
  • CVE-2025-68145 — path traversal via the --repository flag (CVSS v3: 7.1; fixed in 2025.12.18).

Cyata demonstrated a chained attack that uses the Filesystem MCP server alongside the Git server to write a malicious .git/config and trigger execution. The documented steps are: create a repository with git_init, write a .git/config that defines a filter driver and a .gitattributes that binds files to it, place the payload script, and invoke git_add so that Git runs the configured clean filter, which executes the payload.
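A practitioner who suspects a repository has been prepared this way can check for the chain without running any Git command: a filter driver that is both bound to a path pattern in .gitattributes and given a clean/smudge/process command in .git/config will execute on the next git add. The script below is an added example written for this article, not Cyata's proof of concept and not code from mcp-server-git; the config and attributes text it audits are constructed samples, and the payload path in them is invented.

```python
"""Audit Git config and attributes text for filter drivers that would run a
command on `git add`.  Added example (constructed inputs), not project code."""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r'^\[(?P<sec>[\w.-]+)(?:\s+"(?P<sub>[^"]*)")?\]$')
KEYVAL_RE = re.compile(r'^(?P<key>[\w-]+)\s*=\s*(?P<val>.*)$')
# Keys under [filter "<driver>"] whose value is a command Git will execute.
COMMAND_KEYS = ("clean", "smudge", "process")


def parse_git_config(text: str) -> Dict[Tuple[str, str], Dict[str, str]]:
    """Minimal git-config parser returning {(section, subsection): {key: value}}.
    Covers only the syntax needed here (no includes, no line continuations)."""
    result: Dict[Tuple[str, str], Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group("sec").lower(), m.group("sub") or "")
            result.setdefault(current, {})
            continue
        m = KEYVAL_RE.match(line)
        if m and current is not None:
            result[current][m.group("key").lower()] = m.group("val").strip()
    return result


def filter_drivers(config_text: str) -> Dict[str, Dict[str, str]]:
    """Return {driver: {clean|smudge|process: command}} for every
    [filter "<driver>"] section that defines at least one command."""
    drivers: Dict[str, Dict[str, str]] = {}
    for (section, sub), kv in parse_git_config(config_text).items():
        if section != "filter":
            continue
        cmds = {k: v for k, v in kv.items() if k in COMMAND_KEYS}
        if cmds:
            drivers[sub] = cmds
    return drivers


def attribute_filters(attributes_text: str) -> List[Tuple[str, str]]:
    """Return (pattern, driver) pairs for each `filter=<driver>` attribute."""
    pairs: List[Tuple[str, str]] = []
    for raw in attributes_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *attrs = line.split()
        for attr in attrs:
            if attr.startswith("filter="):
                pairs.append((pattern, attr[len("filter="):]))
    return pairs


def audit(config_text: str, attributes_text: str) -> List[str]:
    """One finding per (pattern, command) where a driver bound in
    .gitattributes is defined with a command in .git/config: staging a file
    that matches the pattern runs that command."""
    drivers = filter_drivers(config_text)
    findings: List[str] = []
    for pattern, name in attribute_filters(attributes_text):
        if name in drivers:
            for key, cmd in sorted(drivers[name].items()):
                findings.append(
                    f"pattern {pattern!r} -> filter.{name}.{key} = {cmd!r}")
    return findings


# Constructed samples: the shape of the chain described above (paths invented).
MALICIOUS_CONFIG = """\
[core]
\trepositoryformatversion = 0
[filter "evil"]
\tclean = sh .git/payload.sh
\trequired = true
"""
MALICIOUS_ATTRIBUTES = "* filter=evil\n"

BENIGN_CONFIG = "[core]\n\tbare = false\n"
BENIGN_ATTRIBUTES = "*.txt text eol=lf\n"

if __name__ == "__main__":
    for finding in audit(MALICIOUS_CONFIG, MALICIOUS_ATTRIBUTES) or ["clean"]:
        print(finding)
```

Point it at a real checkout by reading .git/config and every .gitattributes file (including .git/info/attributes); a legitimate driver such as Git LFS will also show up, so review the command, not just the presence of a driver.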


Maintainers removed the git_init tool and added path validation to prevent traversal primitives. Users of the package are advised to update to the patched releases. “This is the canonical Git MCP server, the one developers are expected to copy,” said Shahar Tal, CEO and co-founder of Cyata. “If security boundaries break down even in the reference implementation, it’s a signal that the entire MCP ecosystem needs deeper scrutiny. These are not edge cases or exotic configurations, they work out of the box.”
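The two bug classes above (path traversal in git_init and --repository, argument injection in git_diff and git_checkout) are both input-boundary failures, and anyone copying the reference server should guard the same boundaries. The following is an added illustration, not mcp-server-git's own code or its patch: path containment resolves every candidate against a configured root and refuses anything that lands outside it, refs are checked against a conservative allowlist because they cannot be protected by a `--` separator, and paths are always placed after `--` so they can never be parsed as options. The function names, the allowed root and the sample inputs are the author's assumptions.

```python
"""Input guards for a Git tool exposed over MCP.  Added illustration of the
article's two bug classes; not mcp-server-git code, names are assumptions."""
import re
from pathlib import Path
from typing import List, Sequence, Union

# Conservative refname allowlist (stricter than git check-ref-format): must
# start with an alphanumeric, so an option-looking value can never pass.
REF_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,255}$")


class ToolInputError(ValueError):
    """Raised when tool input would escape the root or inject an option."""


def contained_path(candidate: str, allowed_root: str) -> Path:
    """Resolve `candidate` under `allowed_root` and refuse anything outside it.
    resolve() normalises `..` and follows symlinks, so `../../etc/passwd`, an
    absolute path and a symlink pointing out of the root are all rejected;
    the target does not need to exist."""
    root = Path(allowed_root).resolve()
    target = (root / candidate).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise ToolInputError(f"path escapes {root}: {candidate!r}") from None
    return target


def checked_ref(ref: str) -> str:
    """Accept only refnames matching REF_RE with no `..` and no `.lock`."""
    if not REF_RE.match(ref) or ".." in ref or ref.endswith(".lock"):
        raise ToolInputError(f"refused ref: {ref!r}")
    return ref


def git_argv(subcommand: str, repo: Union[str, Path], ref: str = "",
             paths: Sequence[str] = ()) -> List[str]:
    """Build an argv in which no user-controlled token sits in option
    position: fixed options first, the checked ref next, paths after `--`."""
    argv = ["git", "-C", str(repo), subcommand]
    if ref:
        argv.append(checked_ref(ref))
    if paths:
        argv.append("--")
        argv.extend(paths)
    return argv


def is_blocked(fn, *args) -> bool:
    """True when the guard raised ToolInputError for these inputs."""
    try:
        fn(*args)
    except ToolInputError:
        return True
    return False


if __name__ == "__main__":
    ROOT = "/srv/repos"  # assumed sandbox root for the examples below
    print(contained_path("proj/app", ROOT))
    print(is_blocked(contained_path, "../../etc/passwd", ROOT))
    print(git_argv("diff", f"{ROOT}/proj", "main", ["README.md"]))
    print(is_blocked(checked_ref, "--output=/tmp/x"))
```

The ref allowlist is deliberately narrower than what Git accepts; widening it is safe only as long as the first character can never be `-`. Run the resulting argv with subprocess and a list (never a shell string) so no further parsing happens on the way to git.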
