Anthropic Claude Code code injection and API key disclosure flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
Anthropic's Claude Code has multiple disclosed flaws that can enable remote code execution and API key theft when developers open untrusted repositories. The issues span a CVSS 8.7 no-CVE code-injection bug, CVE-2025-59536, and CVE-2026-21852. Attackers can abuse Hooks, MCP servers, .claude/settings.json, .mcp.json, and environment variables to run commands before trust prompts appear. Anthropic released fixes in version 1.0.87, 1.0.111, and 2.0.65.
Related Happenings
Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
Security Tool/Service
First: 12.05.2026 01:03
Last: 12.05.2026 01:03
Sources 1
About this happening:
A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...
Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
Security Tool/ServiceAbout this happening: A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...
Terrarium CVE-2026-5752 mitigation guidance
Advisory/Mitigation
First: 22.04.2026 10:16
Last: 22.04.2026 10:16
Sources 1
About this happening:
**CERT/CC** issued mitigation guidance for **Terrarium** deployments exposed to **CVE-2026-5752**, a **sandbox-escape** flaw that can lead to **root code execution**. The advice i...
Terrarium CVE-2026-5752 mitigation guidance
Advisory/MitigationAbout this happening: **CERT/CC** issued mitigation guidance for **Terrarium** deployments exposed to **CVE-2026-5752**, a **sandbox-escape** flaw that can lead to **root code execution**. The advice i...
MCP STDIO arbitrary command execution security flaw
Vulnerability
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
MCP STDIO arbitrary command execution security flaw
VulnerabilityAbout this happening: A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
Anthropic Claude Code source code leak from NPM release
Data Leak
First: 01.04.2026 03:32
Last: 01.04.2026 03:32
Sources 1
About this happening:
Anthropic **mistakenly exposed** proprietary **Claude Code** source code through a **NPM** release, allowing the codebase to be reconstructed and spread online. The leak involved...
Anthropic Claude Code source code leak from NPM release
Data LeakAbout this happening: Anthropic **mistakenly exposed** proprietary **Claude Code** source code through a **NPM** release, allowing the codebase to be reconstructed and spread online. The leak involved...
Latest development: 02.04.2026 23:30
Threat actors are using fake GitHub repositories to exploit the Claude Code source code leak and lure users searching for leaked Claude Code into downloading a 7-Zip archive that launches ClaudeCode_x64.exe and drops Vidar and GhostSocks; Zscaler says the bogus repository is SEO-optimized for Google Search queries like “leaked Claude Code.”
Timeline
-
25.02.2026 19:00 2 articles · 3mo ago
Check Point Research discloses Claude Code vulnerabilities enabling code execution and API key theft
Initial DisclosureCheck Point Research discloses multiple security vulnerabilities in Anthropic's Claude Code that can enable arbitrary shell command execution, remote code execution, and Anthropic API key exfiltration when users clone and open untrusted repositories. The issues abuse Hooks, Model Context Protocol (MCP) servers, .claude/settings.json, .mcp.json, and environment variables, and Anthropic says fixes are available in version 1.0.87, version 1.0.111, and version 2.0.65.
Show sources
- Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration — thehackernews.com — 25.02.2026 19:00
- Claude Code Security Shows Promise, Not Perfection — www.darkreading.com — 27.02.2026 16:00