Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

BlueRock found a vulnerability we're calling MCP fURI (forged URI). It enables arbitrary calling of URI resources via Microsoft's Markitdown MCP server—no validation, no boundaries.