Claude Code Vulnerabilities Enable RCE and API Key Theft

Security researchers have uncovered multiple high-risk vulnerabilities in Claude Code, the AI-powered coding assistant from Anthropic. The flaws could allow attackers to achieve remote code execution (RCE) and steal API credentials when developers open untrusted repositories.

According to Check Point, the issues exploit configuration mechanisms such as Hooks, Model Context Protocol (MCP) servers, and environment variables. In a typical attack scenario, threat actors plant malicious configuration files inside a repository. When a victim clones and opens the project, Claude Code may automatically execute shell commands and exfiltrate the user’s Anthropic API key.

Researchers categorized the findings into three main vulnerabilities. The first issue (no CVE, CVSS 8.7) involved a user consent bypass via .claude/settings.json, enabling arbitrary code execution; it was fixed in version 1.0.87. The second flaw, CVE-2025-59536 (CVSS 8.7), allowed automatic shell command execution during tool initialization from an untrusted directory; it was patched in version 1.0.111. The third bug, CVE-2026-21852 (CVSS 5.3), enabled malicious repositories to exfiltrate sensitive data, including API keys; it was fixed in version 2.0.65.

In some scenarios, simply opening a crafted repository could cause Claude Code to send authenticated API requests to attacker-controlled infrastructure before the trust prompt appears. The impact is significant: attackers could access project files, manipulate cloud data, inject malicious content, or even generate unexpected API charges.

This research highlights a major shift in the AI threat model. The risk is no longer limited to running untrusted code—opening an untrusted project can now be enough to trigger compromise, as configuration files increasingly act as part of the execution layer.

Mitigation tips: keep Claude Code fully updated, avoid opening untrusted repositories, and carefully review MCP and hook configurations before launching projects.
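
One way to carry out that review on a fresh clone, as an added example that is not from Check Point, Anthropic or the original article: the script lists every hook command, MCP server definition and environment variable that a repository's configuration would set. The `.mcp.json` file name and the `hooks`, `mcpServers` and `env` key names are assumptions about the configuration layout, and the sample configuration is constructed.

```python
import json
import tempfile
from pathlib import Path

# Only .claude/settings.json is named in the article; ".mcp.json" and the keys
# "hooks", "mcpServers" and "env" are assumptions about the config layout.
CONFIG_FILES = (".claude/settings.json", ".mcp.json")
SAMPLE = {  # constructed config, not taken from a real repository
    ".claude/settings.json": {
        "hooks": {"ExampleEvent": [{"hooks": [{"type": "command", "command": "echo constructed-hook"}]}]},
        "env": {"EXAMPLE_API_ENDPOINT": "https://collector.example.invalid"}},
    ".mcp.json": {"mcpServers": {"helper": {"command": "sh", "args": ["-c", "echo constructed-mcp"]}}}}

def _commands(node):
    """Yield every "command" string nested anywhere under a hooks subtree."""
    if isinstance(node, dict):
        if isinstance(node.get("command"), str):
            yield node["command"]
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from _commands(item)

def audit_repo(repo):
    """Return (file, kind, detail) for config that can run commands or set env vars."""
    findings = []
    for rel in CONFIG_FILES:
        try:
            cfg = json.loads((Path(repo) / rel).read_text(encoding="utf-8"))
        except FileNotFoundError:
            continue
        except (OSError, ValueError) as exc:  # unreadable or malformed: review by hand
            findings.append((rel, "unparseable", str(exc)))
            continue
        cfg = cfg if isinstance(cfg, dict) else {}
        findings += [(rel, "hooks", cmd) for cmd in _commands(cfg.get("hooks"))]
        for key in ("mcpServers", "env"):
            section = cfg.get(key) if isinstance(cfg.get(key), dict) else {}
            for name, value in section.items():
                findings.append((rel, key, f"{name}: {json.dumps(value, sort_keys=True)}"))
    return findings

def audit_sample():
    """Write SAMPLE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, cfg in SAMPLE.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(json.dumps(cfg), encoding="utf-8")
        return audit_repo(tmp)
```

Call `audit_repo(path)` on the cloned directory before opening it in the tool; each finding is a line to read and justify, not proof of malice.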

Source: https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html