Claude Desktop official extensions unsanitized AppleScript command injection three RCEs command injection flaw
Vulnerability
Summary
Hide ▲
Show ▼
Three RCE vulnerabilities were disclosed in Claude Desktop's official Chrome, iMessage, and Apple Notes connectors, exposing users to arbitrary code execution with full system privileges. The flaws stemmed from unsanitized command injection in AppleScript execution. Anthropic confirmed the issues as high-severity with CVSS 8.9, and they were patched.
Related Happenings
AI coding assistants GhostApproval symlink security flaw
Vulnerability
H score22
First: 09.07.2026 07:27
Last: 09.07.2026 07:27
Sources 1
About this happening:
A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....
AI coding assistants GhostApproval symlink security flaw
VulnerabilityAbout this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....
Amazon Q Developer MCP trust flaw (CVE-2026-12957)
Vulnerability
H score32
First: 26.06.2026 16:53
Last: 26.06.2026 16:53
Sources 1
About this happening:
**Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...
Amazon Q Developer MCP trust flaw (CVE-2026-12957)
VulnerabilityAbout this happening: **Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...
Claude Code GitHub Action bot trigger bypass security flaw
Vulnerability
H score31
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
**Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Claude Code GitHub Action bot trigger bypass security flaw
VulnerabilityAbout this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Ghost CMS Content API SQL injection SQL injection flaw (CVE-2026-26980)
Vulnerability
H score48
First: 25.05.2026 15:02
Last: 25.05.2026 15:02
Sources 1
About this happening:
Threat actors are **actively exploiting CVE-2026-26980** in **Ghost CMS Content API**, creating **SQL injection** risk that can expose database data and enable unauthorized **admi...
Ghost CMS Content API SQL injection SQL injection flaw (CVE-2026-26980)
VulnerabilityAbout this happening: Threat actors are **actively exploiting CVE-2026-26980** in **Ghost CMS Content API**, creating **SQL injection** risk that can expose database data and enable unauthorized **admi...
MCP STDIO arbitrary command execution security flaw
Vulnerability
H score53
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
MCP STDIO arbitrary command execution security flaw
VulnerabilityAbout this happening: A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Timeline
-
29.12.2025 17:00 3 articles · 6mo ago
Initial report: Claude Desktop official extensions unsanitized AppleScript command injection three RCEs command injectio
Initial DisclosureThe initial disclosure identified three code-execution flaws in **Claude Desktop**'s official connectors. The issues were tied to **AppleScript command injection** and created a direct path to privileged execution on the host system.
Show sources
- The Real-World Attacks Behind OWASP Agentic AI Top 10 — www.bleepingcomputer.com — 29.12.2025 17:00
- The Real-World Attacks Behind OWASP Agentic AI Top 10 — www.bleepingcomputer.com — 29.12.2025 17:00
- Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection — www.infosecurity-magazine.com — 05.11.2025 12:30