@brooksmcmillin.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Brooks

brooksmcmillin.com

did:plc:un2ezdj3lajzyurcrc4dwd3s

3/ CVE-2025-6514 (CVSS 9.6): mcp-remote passed OAuth metadata straight to the system shell. One crafted authorization_endpoint = full RCE on Claude Desktop, Cursor, Windsurf, VS Code. 437K+ installs before patch.

2026-02-07T16:39:27.616Z