
Critical Command-Injection Flaws Found in MCP SDKs; Anthropic Declines Architectural Fix

2026-04-19 01:10

Security researchers at Ox Security disclosed a systemic vulnerability in Anthropic's Model Context Protocol affecting the STDIO transport layer across Python, TypeScript, Java, and Rust SDKs, enabling arbitrary OS command execution without authentication. The flaw affects over 200 open-source projects with 150 million combined downloads, 7,000+ publicly accessible servers, and an estimated 200,000 vulnerable instances; popular tools including LangFlow, GPT Researcher, Windsurf, Claude Code, and Cursor are affected. Anthropic characterized the behavior as "expected" and declined architectural changes, instead releasing updated security guidance recommending caution around STDIO adapters — a response researchers called insufficient. The Register's coverage notes 10+ high and critical CVEs have been issued for affected tools.
