17 matches found
Anthropic Claude Code 0.2.54 < 2.1.163 Data Exfiltration (CVE-2026-54316)
The version of Anthropic Claude Code installed on the remote host is 0.2.54 prior to 2.1.163. It is, therefore, affected by a data exfiltration vulnerability. - Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain including...
Out Of Band Data Exfiltration
Claude Code is vulnerable to Out-of-Band Data Exfiltration. The vulnerability is due to the pre-approval of the hostname huggingface.co as a bare hostname for the WebFetch tool, where any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission...
CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...
CVE-2026-54316
CVE-2026-54316 (Claude Code) affects Claude Code versions 0.2.54–2.1.162, fixed in 2.1.163. The WebFetch tool allowed any path on the pre-approved domain huggingface.co, enabling an attacker-controlled repository path to be fetched without prompts or --allowedTools restrictions. If an attacker ca...
Covert Storage Channel
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...
PT-2026-50594
Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...
nanobot 代码问题漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from issues with server-side request forgeing in the webFetch tool. This could allow remote attackers to access...
Tencent WeKnora 代码问题漏洞
Tencent WeKnora is a LLM-based framework developed by Tencent China. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Versions of Tencent WeKnora prior to 0.3.0 contained code vulnerabilities. These vulnerabilities were caused by a DNS...
EUVD-2026-5172
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...
CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...
CVE-2026-24052
Summary: CVE-2026-24052 affects Claude Code prior to 1.0.111, where URL validation in the trusted-domain check for WebFetch used a startsWith() approach, allowing crafted domains (e.g., modelcontextprotocol.io.example.com) to bypass validation and potentially cause automatic requests to attacker‑...
PT-2026-6486
Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...
CVE-2026-0616
TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...
The Librarian security vulnerability
The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from an internal port scanning vulnerability in the webFetch tool. This vulnerability may allow scanning of internal IP addresses and services...
The Librarian security vulnerability
The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from the webFetch tool’s ability to retrieve Supervisory Server status pages, potentially leading to the exposure of backend running processes...
The Librarian security vulnerability
The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from an information leakage issue in the webFetch tool. This vulnerability could potentially be exploited to make requests through the The...
The Librarian security vulnerability
The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from the webFetch tool’s ability to retrieve content from the Adminer interface, potentially allowing access to internal backend systems...