SECURITYTHE REGISTER
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
A security firm called Adversa AI has disclosed a one-click remote code execution attack via an MCP server in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. The vulnerability allows an attacker to compromise a system by exploiting inconsistent restrictions on settings. This is the third CVE in six months from the same root cause.
Mentioned