OX Security reports that Anthropic's Model Context Protocol SDK contains an architectural design flaw enabling arbitrary command execution across all supported languages (Python, TypeScript, Java, Rust). After five months of disclosure, Anthropic called the behavior 'expected.' Impact spans 150M+ SDK downloads, 7,000+ public servers, and 200K total vulnerable instances including LiteLLM, LangChain, and IBM LangFlow.