Sign in / up

back to article MCP attack abuses predictable session IDs to hijack AI agents

A security flaw in the Oat++ implementation of Anthropic's Model Context Protocol (MCP) allows attackers to predict or capture session IDs from active AI conversations, hijack MCP sessions, and inject malicious responses via the oatpp-mcp server. Oat++ is an open source, C++ web framework for building web applications, and MCP …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Claptrap314 Silver badge
    Mushroom

    Globally unique AND random

    Does one actually need mathematics degrees to see the problem here?

    This stuff drives me nuts.

    3 0 Reply
  2. AnAnonymousCanuck
    Angel

    C++ Web Apps in 2025?

    That's we we were doing in 1996. And it was not a wise technical choice then.

    I sure did learn a lot tho

    YMMV

    AAC

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon