BREAKING
Microsoft Discloses AutoJack RCE
How One Web Page Triggers RCE
1
Agent renders evil page
↓
2
JS hits ws://localhost:8081
↓
3
Runs calc.exe, no auth
Three Chained Weaknesses
Origin trust
CWE-1385
●
Allowlist trusts localhost
●
Agent bypasses it
No auth
CWE-306
●
/api/mcp/* skipped auth
●
Open to anyone
Command exec
CWE-78
●
server_params run directly
●
No allowlist
Which Versions Are Affected
PyPI stable 0.4.2.2
Safe
●
No MCP route
●
Not affected
Pre-release dev1/dev2
Affected
●
MCP route present
●
RCE possible
GitHub main
Fixed
●
commit b047730
●
server_params secured
Architecture, Not Model, Problem
Patch, Isolate, Stay Alert
AI NEWS BLITZ
Microsoft has revealed AutoJack, a remote code execution flaw abusing AI browsing agents.