Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project Built-in mechanisms—including Hooks, MCP integrations, and environment variables—could be abused to bypass trust controls, execute hidden shell commands, and redirect authenticated API traffic before user consent Stolen Anthropic API keys posed enterprise-wide risk, particularly in shared workspaces where a single compromised key could expose, modify, or delete shared files and resources and generate unauthorized costs The findings highlight a broader shift in the AI supply chain threat model: repository […]
The post Check Point Researchers Expose Critical Claude Code Flaws appeared first on Check Point Blog.
from Check Point Blog https://ift.tt/h4dwpLV
via
No comments:
Post a Comment