INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Flaws in Claude Code Put Developers' Machines at Risk
2026-02-25 22:02 | CRITICAL HIGH
Executive Summary AI-generated
The recent discovery of vulnerabilities in Anthropic's Claude Code AI coding assistant has exposed a significant risk to developers' machines and sensitive information. The flaws, identified as CVE-2025-59536 and CVE-2026-21852, allow attackers to execute commands without user consent and steal API keys from untrusted repositories. This poses a threat of remote code execution and potential data breaches, highlighting the need for immediate action by Anthropic and its users to mitigate these risks.
Technical Mitigations AI-generated
* Use the latest version of Claude Code to ensure protection against security vulnerabilities.
* Regularly review and update project repositories to prevent unauthorized access or malicious modifications.
* Implement additional security features, such as authentication and authorization mechanisms, to harden the coding platform against attacks.
* Monitor project repositories for suspicious activity and report any potential threats to Anthropic's support team.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2025-59536
CVE-2025-59356
CVE-2026-21852
Target & Sectors
Global Scope
Incident Timeline
2025-02-25
Check Point Research identified and reported the flaws to Anthropic.
organisation
Check Point Research
Anthropic fixed the issues after Check Point Research discovered the flaws and reported them to the company last year.
February 25, 2026
Threat actors used untrusted repositories to turn Anthropic's Claude Code into an attack vector.
organisation
API
Untrusted repositories turn Claude code into an attack vector
Pierluigi Paganini
February 25, 2026
Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories.
tactic
Remote Code Execution
2026-02-25
Check Point discovered vulnerabilities in Anthropic's Claude Code AI coding assistant, CVE-2025-59536 and CVE-2026-21852, which allowed attackers to execute arbitrary shell commands and exfiltrate API credentials through malicious repository-level configuration files.
organisation
Check Point Research
Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft.
organisation
Anthropic’s Claude Code AI
organisation
CVE-2025
Anthropic has assigned a single identifier, CVE-2025-59536, for tracking both flaws.
organisation
CVE-2025-59536
The second vulnerability, also tracked as CVE-2025-59536, is associated with Claude Code's Model Context Protocol (MCP) setting for connecting the coding platform with external services and tools.
“Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project.”
organisation
MCP
The vulnerabilities abuse features such as Hooks, MCP servers, and environment variables to run arbitrary shell commands and exfiltrate Anthropic API credentials when users clone and open untrusted repositories.
organisation
the Model Context Protocol
The risks include silent command execution via abused Hooks, consent bypass in the Model Context Protocol (CVE-2025-59536), and API key exfiltration before trust confirmation (CVE-2026-21852), potentially exposing broader AI-driven workflows.
Anthropic’s API Workspaces feature lets multiple API keys share access to cloud-stored project files.
organisation
API Workspaces
organisation
CVE-2026
infrastructure
2.0.65
The other vulnerability, CVE-2026-21852, affects Claude Code versions prior to 2.0.65 and allowed API credential theft via malicious project configurations.
organisation
API
organisation
CVE-2025-59356
Configuration Files as Attack Vector
One of the three vulnerabilities that Check Point discovered, CVE-2025-59356, involves a Claude Code feature called Hooks that allows developers to enforce consistent and pre-determined behavior — like code-formatting — at specific points in a project life cycle.
organisation
Attack Vector
organisation
Claude Code Put Developers' Machines at Risk
Flaws in Claude Code Put Developers' Machines at Risk.
organisation
React2Shell Exposure
Attackers Use New Tool to Scan for React2Shell Exposure
Two of the vulnerabilities are closely related and involve configuration files in a project repository executing commands without proper user consent.
organisation
GitHub Copilot
Common examples of similar tools include GitHub Copilot, Amazon CodeWhisperer, and OpenAI's Codex.
organisation
Amazon CodeWhisperer
organisation
Check Point
Check Point developed an exploit for the vulnerability to show how an adversary could leverage it to gain remote access to a developer's terminal with all the privileges of the developer.
organisation
SecurityAffairs
“As AI integration deepens, security controls must evolve to match the new trust boundaries.”
Tactical Metrics
Metrics
infrastructure
2.0.65
Software Version
Intelligence Sources
Dark Reading
2026-02-25
Security Affairs
2026-02-25
Untrusted repositories turn Claude code into an attack vector
Security Affairs
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T07:24
Comprehensive Tactical Telemetry
Highly Correlated Entities
17x
organisation
Identified Entity
Check Point Research
entity
3x
vulnerability
Exploited CVE
CVE-2025-59536
cve
2x
timeline
Temporal Reference
2025-02-25
date
2x
tactic
Cyber Operation Type
Exfiltration
tactic
Contextual Telemetry
Context Block
2 METRICS
infrastructure
Software Version
2.0.65
version
tactic
MITRE ATT&CK Technique
T1588.002 - Tool
technique