MCP Security Alert: 3 Critical Vulnerabilities Found in Anthropic Git Server
Three security flaws discovered in mcp-server-git could allow attackers to steal files and execute code. Here's what you need to know and how to protect your MCP setup.
Breaking: Security researchers have disclosed three critical vulnerabilities in mcp-server-git, the official Git server for the Model Context Protocol maintained by Anthropic. If you're using MCP with Git integration, you need to update immediately.
What Was Found
The vulnerabilities, discovered in January 2026, affect the official MCP Git server that many developers use to give AI assistants access to their repositories.
The Three Flaws
1. Path Traversal (CVE-2026-68144): Attackers could read arbitrary files outside the intended repository directory
2. Command Injection: Malicious repository names could execute arbitrary shell commands
3. Symbolic Link Following: Symlinks could be exploited to access sensitive system files
Who's Affected
You're at risk if you:
mcp-server-git from the official Anthropic repository
How to Protect Yourself
1. Update Immediately
If using npm
npm update @anthropic/mcp-server-git
If using pip
pip install --upgrade mcp-server-git
2. Audit Your MCP Configuration
Check your claude_desktop_config.json or equivalent:
{
  "mcpServers": {
    "git": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-server-git@latest"]
    }
  }
}
Make sure you're pulling the latest version with security patches.
3. Restrict Repository Access
Only allow access to specific, trusted repositories:
{
  "mcpServers": {
    "git": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-server-git"],
      "env": {
        "ALLOWED_REPOS": "/path/to/trusted/repo1,/path/to/trusted/repo2"
      }
    }
  }
}
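A repository allowlist only helps if paths are compared after canonicalization, which is what the path traversal and symlink flaws listed earlier come down to. The following is an added example, not code from mcp-server-git or from this article; `resolve_inside`, `demo` and the directory layout are hypothetical, and a POSIX filesystem is assumed.

```python
import os
import tempfile
from pathlib import Path


def resolve_inside(allowed_roots, requested):
    """Return the canonical path if `requested` resolves inside an allowed root, else None."""
    # realpath collapses ".." segments and follows symlinks, so the comparison
    # is made on where the path actually points, not on how it is spelled.
    real = Path(os.path.realpath(requested))
    for root in allowed_roots:
        real_root = Path(os.path.realpath(root))
        # Component-wise containment: "/srv/repo1-evil" is not inside "/srv/repo1",
        # which a plain string startswith() check would get wrong.
        if real == real_root or real_root in real.parents:
            return real
    return None


def demo():
    """Build a constructed directory tree and run the check over four requests."""
    base = Path(tempfile.mkdtemp())
    repo = base / "repo1"
    (repo / "src").mkdir(parents=True)
    (repo / "src" / "app.py").write_text("print('hi')\n")
    (base / "repo1-evil").mkdir()            # sibling directory sharing the prefix
    secret = base / "secret.txt"             # stands in for a file outside the repo
    secret.write_text("constructed secret\n")
    os.symlink(secret, repo / "link")        # symlink inside the repo pointing out

    allowed = [repo]
    requests = {
        "normal": repo / "src" / "app.py",
        "dotdot": repo / "src" / ".." / ".." / "secret.txt",
        "symlink": repo / "link",
        "prefix": base / "repo1-evil",
    }
    return {name: resolve_inside(allowed, p) is not None for name, p in requests.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:8} {'allow' if ok else 'deny'}")
```

Callers should operate on the canonical path the function returns rather than on the original string. The check narrows but does not remove the window between validation and use, so it complements the sandboxing steps below rather than replacing them.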
4. Use Network Isolation
Run MCP servers in isolated environments:
Docker example
docker run --network=none -v /safe/repo:/repo mcp-git-server
The Bigger Picture: MCP Security
This disclosure highlights a critical reality: MCP is powerful, but power requires responsibility.
The Coalition for Secure AI (CoSAI) recently released a comprehensive MCP Security Whitepaper addressing these exact concerns.
Key Security Principles for MCP
1. Least Privilege: Only grant MCP servers the minimum permissions needed
2. Input Validation: Never trust data coming from AI models
3. Sandboxing: Isolate MCP servers from critical systems
4. Logging: Monitor all MCP tool invocations
5. Updates: Keep MCP dependencies current
What's Next
Anthropic has patched all three vulnerabilities. The MCP community is now implementing:
Timeline
| Date | Event |
|------|-------|
| Jan 15, 2026 | Vulnerabilities reported to Anthropic |
| Jan 18, 2026 | Patches developed and tested |
| Jan 20, 2026 | Public disclosure and fix release |
| Feb 2026 | Community security audit begins |
Bottom Line
MCP is still the best way to connect AI assistants to your tools and data. But like any powerful technology, it requires security awareness.
Action items:
1. ✅ Update mcp-server-git to the latest version
2. ✅ Audit your MCP server configurations
3. ✅ Implement least-privilege access controls
4. ✅ Follow the MCP Security Best Practices
Stay safe out there.
---
This article will be updated as more information becomes available. Last updated: February 17, 2026.