Critical MCP Inspector Flaw (CVE-2025-49596, CVSS 9.4): Unauthenticated RCE Threatens AI Dev Machines via Browser