Infosecurity Magazine reports that Context7 MCP Server, which is widely used for coding documentation delivery to AI assistants, was discovered by Noma Labs researchers to have been impacted by the critical ContextCrush vulnerability.ContextCrush stems from the platform's "Custom Rules" feature, which lets library maintainers add instructions for AI assistants. As these instructions were not checked or filtered, malicious instructions could be added. Attackers could exploit the flaw by registering a fake library on the platform, adding malicious instructions to the Custom Rules section, and waiting for the developers to access that library through their AI assistant. The assistant may treat these commands as valid and execute them, as they come from a trusted server.The flaw could make the AI delete files in the developer's system, look for sensitive files, and send data to an attacker-controlled repository. There is reportedly no evidence of the vulnerability having been used in real-world attacks. Upstash, which operates the Context7 MCP Server, released a fix for the vulnerability that included rule filtering and additional security protections.
AI/ML, Vulnerability Management
Context7 MCP Server flaw could allow malicious instructions for AI assistants
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds