Skip to content
The Nexus
SECURITYMay 7 · 20:03 UTCTHE REGISTER

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

A security firm called Adversa AI has disclosed a one-click remote code execution attack via an MCP server in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. The vulnerability allows an attacker to compromise a system by exploiting inconsistent restrictions on settings. This is the third CVE in six months from the same root cause.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this