17 matches found

The Hacker News
added 2026/04/20 10:42 a.m., 22 views

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution R...

CVSS 9.9 | AI score 7.4 | EPSS 0.0257
Exploits: 9

RedhatCVE
added 2026/03/07 7:59 a.m., 2 views

CVE-2026-28509

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...

CVSS 6.3 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 1

NVD
added 2026/03/06 5:16 a.m., 3 views

CVE-2026-28509

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...

CVSS 6.3 | EPSS 0.00043
Exploits: 1 | References: 2

OSV
added 2026/03/06 4:16 a.m., 0 views

CVE-2026-28509 LangBot has a Cross Site Scripting (XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...

CVSS 6.3 | AI score 5.5 | EPSS 0.00043
Exploits: 1 | References: 4

EUVD
added 2026/03/06 4:16 a.m., 2 views

EUVD-2026-9985

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...

CVSS 6.3 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 2

Cvelist
added 2026/03/06 4:16 a.m., 29 views

CVE-2026-28509 LangBot has a Cross Site Scripting (XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...

CVSS 6.3 | EPSS 0.00043
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/06 4:16 a.m., 2 views

CVE-2026-28509 LangBot has a Cross Site Scripting (XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...

CVSS 6.3 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 2

CVE
added 2026/03/06 4:16 a.m., 5 views

CVE-2026-28509

LangBot’s web UI prior to version 4.8.7 renders user-supplied raw HTML via rehypeRaw, resulting in a cross-site scripting (XSS) vulnerability. Affected product: LangBot (global IM bot platform for LLMs). Root cause: unescaped user HTML processed by rehypeRaw. Impact (per CVSS): Confidentiality im...

CVSS 6.3 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/03/06 12:00 a.m., 2 views

PT-2026-23641

Name of the Vulnerable Software and Affected Versions: LangBot versions prior to 4.8.7. Description: LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, the web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) issue...

CVSS 6.3 | AI score 5.6 | EPSS 0.00043
Exploits: 1 | References: 7

CNNVD
added 2026/03/06 12:00 a.m., 2 views

LangBot Cross-Site Scripting Vulnerability

LangBot is an open-source development platform for large-scale instant messaging robots created by LangBot. Versions of LangBot prior to 4.8.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of rehypeRaw to render the original HTML provided by users, which...

CVSS 6.3 | AI score 5.6 | EPSS 0.00043
Exploits: 1 | References: 3

RedhatCVE
added 2025/10/06 10:08 p.m., 7 views

CVE-2025-59835

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

CVSS 9.4 | AI score 7 | EPSS 0.00059
Exploits: 0 | References: 1

NVD
added 2025/10/02 7:15 p.m., 4 views

CVE-2025-59835

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

CVSS 9.4 | EPSS 0.00059
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/02 6:59 p.m., 2 views

CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

CVSS 9.4 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 3

Cvelist
added 2025/10/02 6:59 p.m., 7 views

CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

CVSS 9.4 | EPSS 0.00059
Exploits: 0 | References: 3

CVE
added 2025/10/02 6:59 p.m., 6 views

CVE-2025-59835

LangBot has a cross-directory file upload vulnerability affecting versions 4.1.0 through 4.3.4 (inclusive). The /api/v1/files/documents endpoint allows arbitrary file uploads because the server does not strictly constrain the storage directory, enabling dangerous files to be placed in system dire...

CVSS 9.4 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 3

OSV
added 2025/10/02 6:59 p.m., 1 view

CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

CVSS 9.4 | AI score 7 | EPSS 0.00059
Exploits: 0 | References: 5

CNNVD
added 2025/10/02 12:00 a.m., 2 views

LangBot Code Issue Vulnerability

LangBot is an open-source development platform for large-model instant messaging bots, created by LangBot. A code issue vulnerability exists in LangBot versions 4.1.0 through 4.3.5, which stems from the /api/v1/files/documents interface not strictly limiting the server file storage directory, which could lead t...

CVSS 9.4 | AI score 7 | EPSS 0.00059
Exploits: 0 | References: 3