BTC $62,405.68 +1.63%
ETH $1,745.31 +2.73%
BNB $570.16 +2.18%
XRP $1.12 +4.50%
SOL $82.39 +2.10%
TRX $0.3209 +1.11%
DOGE $0.0772 +4.38%
ADA $0.1819 +13.45%
BCH $228.21 +3.84%
LINK $7.96 +2.92%
HYPE $70.23 +5.97%
AAVE $87.18 +0.43%
SUI $0.7705 +4.78%
XLM $0.2052 +4.46%
ZEC $462.11 +6.61%
BTC $62,405.68 +1.63%
ETH $1,745.31 +2.73%
BNB $570.16 +2.18%
XRP $1.12 +4.50%
SOL $82.39 +2.10%
TRX $0.3209 +1.11%
DOGE $0.0772 +4.38%
ADA $0.1819 +13.45%
BCH $228.21 +3.84%
LINK $7.96 +2.92%
HYPE $70.23 +5.97%
AAVE $87.18 +0.43%
SUI $0.7705 +4.78%
XLM $0.2052 +4.46%
ZEC $462.11 +6.61%

Anthropic 修復 MCP Git 伺服器三大高危漏洞,涉及任意文件訪問與遠程代碼執行

2026-01-21 09:52:57
收藏

ChainCatcher 消息,据 The Hacker News 報導,Cyata 研究員披露 Anthropic 維護的 mcp-server-git 存在三項嚴重安全漏洞(CVE-2025-68143/44/45),可被利用執行路徑穿越與參數注入,甚至實現遠程代碼執行。

這些漏洞可通過提示注入被武器化,攻擊者僅需控制 AI 助手讀取惡意內容即可觸發攻擊。漏洞已在 2025 年 9 月與 12 月版本中修復,官方已移除 git_init 工具並增強路徑校驗,建議用戶儘快更新至最新版。

app_icon
ChainCatcher 與創新者共建Web3世界