Capability Laundering in MCP 3: CVE-2026-27735 Anthropic Git MCP Server git_add Path Traversal to Credential Exfiltration
Capability Laundering: The Series So Far This is the third case in an ongoing series documenting capability laundering in MCP ecosystems. Capability laundering is when an agent calls one tool, but gets the effect of a different capability via side effects. It occurs when all three conditions are met: The tool’s contract does not cover its effects — the implementation can produce effects beyond what the tool claims to do. Inputs can steer those effects — arguments can influence which effect happens and what gets modified. Controls gate tool calls, not effects — approvals and policies do not model the effect being produced. The previous two cases: ...