3 matches found
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence AI-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms,...
Sensitive Information Disclosure
@anthropic-ai/claude-code is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper trust validation during the project-load flow, which allows an attacker to supply a malicious repository configuration that redirects API requests to an attacker-controlled endpoint a...
CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...