MCP attack abuses predictable session IDs to hijack AI agents

News
Yanac

The vuln affects the Oat++ MCP implementation
A security flaw in the Oat++ implementation of Anthropic’s Model Context Protocol (MCP) allows attackers to predict or capture session IDs from active AI conversations, hijack MCP sessions, and inject malicious responses via the oatpp-mcp server.…The RegisterRead More