Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
The combination of a CISA KEV listing, confirmed active exploitation, and a public proof-of-concept means any internet-reachable LiteLLM proxy running an affected version is at immediate risk of unauthenticated code execution and credential theft.
The shared context window architecture means a single malicious MCP server description can redirect every other connected tool without being called, and the defenses that eventually hardened npm — signing, sandboxing, provenance — do not yet exist as MCP protocol requirements.
Teams building agentic workflows with MCP-connected tools should evaluate governance layers like schema validation and output redaction now, before the next CVE forces a reactive patch.