BREAKING
Microsoft Discloses AutoJack RCE
How One Web Page Triggers RCE
1Agent renders evil page
2JS hits ws://localhost:8081
3Runs calc.exe, no auth
Three Chained Weaknesses
Origin trustCWE-1385
Allowlist trusts localhost
Agent bypasses it
No authCWE-306
/api/mcp/* skipped auth
Open to anyone
Command execCWE-78
server_params run directly
No allowlist
Which Versions Are Affected
PyPI stable 0.4.2.2Safe
No MCP route
Not affected
Pre-release dev1/dev2Affected
MCP route present
RCE possible
GitHub mainFixed
commit b047730
server_params secured
Architecture, Not Model, Problem
Patch, Isolate, Stay Alert
AI NEWS BLITZ
Microsoft has revealed AutoJack, a remote code execution flaw abusing AI browsing agents.