5 min read
Vulnerabilities A three-flaw chain in Microsoft AutoGen Studio's MCP WebSocket surface lets a malicious webpage execute arbitrary commands on the host via an AI browsing agent. Microsoft patched in June 2026.
A three-flaw chain in Microsoft AutoGen Studio's MCP WebSocket surface lets a malicious webpage execute arbitrary commands on the host via an AI browsing agent. Microsoft patched in June 2026.
CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.