Tag
Windows-MCP versions prior to 0.7.5 are vulnerable to unauthenticated PowerShell control via HTTP transports due to wildcard CORS and missing authentication, allowing a remote attacker to execute arbitrary PowerShell commands as the user running Windows-MCP.