7 matches found
CVE-2026-40068
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
Claude Code 输入验证错误漏洞
Claude Code is a native AI programming tool developed by Anthropic. In versions 2.1.63 to 2.1.83 of Claude Code, there is a vulnerability related to input validation errors. This vulnerability arises from the lack of validation for the content of the git worktree commondir file in the folder trus...
GHSA-3CW3-5VXW-G2H3 OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
Summary Remote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details. Impact A malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway...
CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...
CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...
GHSA-JH7P-QR78-84P7 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...
Claude Code security vulnerabilities
Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.65 contained security vulnerabilities. These vulnerabilities stemmed from the project’s loading process, which allowed malicious repositories to leak data before the user confirmed trust...