India, July 11 -- Tenable Research has identified a severe remote code execution (RCE) vulnerability in Anthropic's MCP Inspector, a widely used open-source tool in AI development workflows. The flaw, registered as CVE-2025-49596, has been assigned a CVSS score of 9.4, classifying it as critical. The issue arises from default insecure configurations, which could leave organisations exposed immediately upon deployment.
MCP Inspector enjoys broad adoption, with over 38,000 weekly downloads on npmjs and more than 4,000 GitHub stars. The vulnerability allows attackers to compromise systems by simply luring a user to visit a malicious website. No further interaction is required, making exploitation both simple and effective.
Once a system is...