453 matches found
PT-2026-30707
Name of the Vulnerable Software and Affected Versions Anthropic Claude Code CLI and Claude Agent SDK affected versions not specified Description The Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the prompt editor invocation utility. Attackers can execute...
Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞
Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...
Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞
Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...
Hackers Are Posting the Claude Code Leak With Bonus Malware
Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more...
CVE-2025-64340
FastMCP (the MCP framework) is affected prior to version 3.2.0. A vulnerability arises when server names contain shell metacharacters (for example, &); this can trigger command injection on Windows during fastmcp install claude-code or fastmcp install gemini-cli. The install commands use subproce...
CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks...
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks...
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence AI coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...
GHSA-M8X7-R2RG-VH5G FastMCP has a Command Injection vulnerability - Gemini CLI
Server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are...
Arbitrary Code Execution.
@anthropic-ai/claude-code is vulnerable to Arbitrary code execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...
Claude Code 安全漏洞
Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.1.3363 contained a security vulnerability, which was caused by uncontrolled search path elements, potentially leading to local privilege escalation...
test-xss
test-xss "test." Install bash np...
pentest-ai
pentest-ai Turn Claude Code into your offensive security re...
CVE-2026-33068
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
CVE-2026-33068
CVE-2026-33068 affects Claude Code. Versions prior to 2.1.53 could bypass the workspace trust dialog by using permissions.defaultMode set to bypassPermissions in the repo-controlled .claude/settings.json, allowing silent trust mode on first open and enabling tool execution without user consent. T...
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
CVE-2026-33068
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...