1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +233 more potentially affected by CVE-2026-21852 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.64)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-21852 Source advisory: OSV:GHSA-JH7P-QR78-84P7...

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...

Insufficiently Protected Credentials

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insufficiently Protected...

@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.31.0 <=1.58.1-alpha) +15 more potentially affected by CVE-2026-21852 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.64)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.31.0, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-21852 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15046268...

GHSA-JH7P-QR78-84P7 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...

PT-2026-3758

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.65 Description A flaw in the project-load flow of Claude Code allows malicious repositories to exfiltrate sensitive data, such as Anthropic API keys, before a user confirms trust. An attacker can include a...

Claude Code security vulnerabilities

Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.65 contained security vulnerabilities. These vulnerabilities stemmed from the project’s loading process, which allowed malicious repositories to leak data before the user confirmed trust...

ntree

NTREE v2.0 - Neural Tactical Red-Team Exploitation Engine C...

AI-Vuln-Reproduce

AI-Vuln-Reproduce AI Fully Automated Vulnerability Reproducti...

RAPTOR - Autonomous Offensive/Defensive Security Research Framework

RAPTOR is an autonomous offensive/defensive security research framework, based on Claude Code. It empowers security research with agentic workflows and automation. RAPTOR stands for Recursive Autonomous Penetration Testing and Observation Robot...

Automated Penetration Testing with LLM Agents and Classical Planning

While penetration testing plays a vital role in cybersecurity, achieving fully automated, hands-off-the-keyboard execution remains a significant research challenge. In this paper, we introduce the "Planner-Executor-Perceptor PEP" design paradigm and use it to systematically review existing work a...

Claude Code Code Execution Vulnerability

Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...

CVE-2025-66032

Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVE-2025-66032

Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVE-2025-66032

Claude Code (the agentic coding tool) is affected by a vulnerability in versions prior to 1.0.93 where errors in parsing shell commands related to $IFS and short CLI flags allow bypassing the read-only validation and may enable arbitrary code execution. Exploitation requires the attacker to intro...

CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

Arbitrary Argument Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Argument Injection vi...

GHSA-XQ4M-MC3C-VVG3 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...