🗾ITmedia AI+ (日本)•Stalecollected in 54m
Claude Code Critical Vulnerability Exposed
💡Claude Code vuln risks RCE from config files—devs, audit projects now!
⚡ 30-Second TL;DR
What Changed
Check Point reports in-depth Claude Code vuln analysis
Why It Matters
Developers face heightened risks of compromise via everyday workflows, demanding immediate project vetting. Could erode trust in AI coding tools if unaddressed.
What To Do Next
Scan Claude Code projects for malicious configs before opening any untrusted files.
Who should care:Developers & AI Engineers
🧠 Deep Insight
Web-grounded analysis with 8 cited sources.
🔑 Enhanced Key Takeaways
- •Vulnerabilities assigned CVE-2025-59536 (trust dialog bypass enabling code injection) and CVE-2026-21852 (API key exfiltration via base URL redirection).[1][2]
- •Exploits abused Hooks, Model Context Protocol (MCP) servers, and environment variables in files like .claude/settings.json and .mcp.json to execute shell commands before user consent.[2][4]
- •Check Point disclosed issues to Anthropic throughout 2025-2026; all vulnerabilities patched prior to public publication, shifting risk to version updates and key rotation.[1][4]
🛠️ Technical Deep Dive
- •CVE-2025-59536: Malicious hooks or MCP configs in .claude/settings.json execute arbitrary shell commands (e.g., reverse shell) immediately upon 'claude' command, overlaying trust dialog.[4]
- •CVE-2026-21852: Repo config redirects API requests to attacker server, exposing plaintext Anthropic API key in authorization header before trust confirmation.[2][4]
- •Attack chains bypass consent via project-load flows; potential escalation to enterprise cloud workspaces via stolen keys; files like .mcp.json scanned for risks post-patch.[1][4]
🔮 Future ImplicationsAI analysis grounded in cited sources
AI coding tools will mandate repo-trust policies and auto-key rotation
Check Point findings emphasize treating untrusted repos as hostile and rotating keys after exposure, standardizing mitigations across teams.[1]
⏳ Timeline
2025-12
Check Point begins disclosure of Claude Code vulnerabilities to Anthropic
2026-01
Ongoing coordinated vulnerability remediation with Anthropic security team
2026-02
Anthropic launches Claude Code Security feature in limited preview
2026-03
Check Point publishes detailed analysis and CVEs for patched flaws
📎 Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- penligent.ai — Claude Code Project Files Became an Rce and API Key Exfiltration Path What the Check Point Findings Change for AI Coding Assistants
- blog.checkpoint.com — Check Point Researchers Expose Critical Claude Code Flaws
- radar.offseq.com — Claude Code Flaws Exposed Developer Devices to Sil C98dfc93
- research.checkpoint.com — Rce and API Token Exfiltration Through Claude Code Project Files Cve 2025 59536
- bisi.org.uk — Claude Code Security and the Future of AI Driven Cybersecurity
- futurumgroup.com — Claude Found 500 Zero Days Who Patches Them Before Attackers Arrive
- securityboulevard.com — Claude Code Security Crashed the Market Because Were Defending the Wrong Thing
- growexx.com — AI Code Security Crisis 2026 CTO Guide
📰
Weekly AI Recap
Read this week's curated digest of top AI events →
👉Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: ITmedia AI+ (日本) ↗