Information security
fromTheregister
2 weeks agoMCP attack uses predictable session IDs to hijack AI agents
A flaw in oatpp-mcp's SSE session ID generation allows attackers with network access to predict or capture session IDs and hijack MCP sessions.