Critical Zero-Click RCE Flaw in Claude Desktop Extensions
Summary
A critical zero-click remote code execution (RCE) vulnerability in Claude Desktop Extensions (DXT) allows attackers to compromise systems via malicious Google Calendar events. The flaw, rated CVSS 10.0, affects over 10,000 users. Anthropic, the developer, declined to fix it, stating it falls outside their threat model. The vulnerability arises from the lack of security boundaries in the Model Context Protocol (MCP) used by Claude DXT, which executes with full system privileges.
Timeline
09.02.2026 19:30 · 1 article
Zero-Click RCE Flaw in Claude Desktop Extensions Disclosed
On February 9, 2026, security researchers at LayerX disclosed a critical zero-click remote code execution flaw in Claude Desktop Extensions (DXT). The vulnerability, rated CVSS 10.0, allows attackers to compromise systems via malicious Google Calendar events. Anthropic, the developer, declined to fix the flaw, stating it falls outside their threat model.
- New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix — www.infosecurity-magazine.com — 09.02.2026 19:30
Information Snippets
- The vulnerability allows remote code execution without user interaction.
  First reported: 09.02.2026 19:30 (1 source, 1 article)
- Over 10,000 active users of Claude DXT are potentially affected.
  First reported: 09.02.2026 19:30 (1 source, 1 article)
- Anthropic declined to fix the flaw, stating it falls outside their threat model.
  First reported: 09.02.2026 19:30 (1 source, 1 article)
- Claude DXT operates with full system privileges, unlike sandboxed browser extensions.
  First reported: 09.02.2026 19:30 (1 source, 1 article)
- The flaw exploits the dynamic chaining of tools in MCP, treating low-risk data sources as trusted input for high-risk actions.
  First reported: 09.02.2026 19:30 (1 source, 1 article)
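The missing trust boundary described above, where output from a low-risk data source feeds a high-risk action, can be enforced by a provenance gate in front of tool dispatch. The sketch below is an added example, not code from the article, LayerX, or Anthropic; the tool names, the risk classification and the `Session` API are hypothetical and do not correspond to any real MCP connector.

```python
"""Provenance gate for chained tool calls (illustrative; all names are hypothetical)."""
from dataclasses import dataclass, field

# Assumed classification for this example, not taken from any real connector.
UNTRUSTED_SOURCES = {"calendar.read_events", "mail.read_inbox"}
HIGH_RISK_TOOLS = {"shell.exec", "fs.write"}


@dataclass
class Session:
    tainted_by: set = field(default_factory=set)  # untrusted tools whose output is in context
    audit: list = field(default_factory=list)     # (tool, allowed, reason) for later review

    def record_result(self, tool: str) -> None:
        """Call after a tool returns: remember that untrusted text entered the context."""
        if tool in UNTRUSTED_SOURCES:
            self.tainted_by.add(tool)

    def authorize(self, tool: str, user_confirmed: bool = False) -> bool:
        """Decide whether a tool call requested by the model may run."""
        if tool not in HIGH_RISK_TOOLS:
            allowed, reason = True, "low-risk tool"
        elif not self.tainted_by:
            # Policy choice of this sketch: high-risk calls pass only on a clean context.
            allowed, reason = True, "no untrusted content in context"
        elif user_confirmed:
            allowed, reason = True, "explicit user confirmation"
        else:
            allowed = False
            reason = "untrusted content from " + ", ".join(sorted(self.tainted_by))
        self.audit.append((tool, allowed, reason))
        return allowed


def run_chain(calls):
    """Replay a constructed list of (tool, user_confirmed) pairs; return decisions and audit."""
    session = Session()
    decisions = []
    for tool, confirmed in calls:
        allowed = session.authorize(tool, confirmed)
        decisions.append(allowed)
        if allowed:
            session.record_result(tool)
    return decisions, session.audit


if __name__ == "__main__":
    # Constructed chain: a calendar read followed by an unconfirmed command execution.
    print(run_chain([("calendar.read_events", False), ("shell.exec", False)]))
```

The audit list doubles as a detection signal: a denied high-risk call that immediately follows a read from an untrusted source is worth alerting on.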