Tag
flyto-core is vulnerable to unauthenticated command execution via its HTTP MCP endpoint (`POST /mcp`), allowing remote attackers to execute arbitrary OS commands with server privileges by invoking `sandbox.execute_shell` through JSON-RPC requests, potentially leading to full system compromise.