Anthropic Claude Code code injection and API key disclosure flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
Anthropic's Claude Code has multiple disclosed flaws that can enable remote code execution and API key theft when developers open untrusted repositories. The issues span a CVSS 8.7 no-CVE code-injection bug, CVE-2025-59536, and CVE-2026-21852. Attackers can abuse Hooks, MCP servers, .claude/settings.json, .mcp.json, and environment variables to run commands before trust prompts appear. Anthropic released fixes in version 1.0.87, 1.0.111, and 2.0.65.
Related Happenings
Claude Code GitHub Action bot trigger bypass security flaw
Vulnerability
H score31
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
**Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Claude Code GitHub Action bot trigger bypass security flaw
VulnerabilityAbout this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
Security Tool/Service
H score28
First: 12.05.2026 01:03
Last: 12.05.2026 01:03
Sources 1
About this happening:
A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...
Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
Security Tool/ServiceAbout this happening: A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...
Terrarium CVE-2026-5752 mitigation guidance
Advisory/Mitigation
H score39
First: 22.04.2026 10:16
Last: 22.04.2026 10:16
Sources 1
About this happening:
**CERT/CC** issued mitigation guidance for **Terrarium** deployments exposed to **CVE-2026-5752**, a **sandbox-escape** flaw that can lead to **root code execution**. The advice i...
Terrarium CVE-2026-5752 mitigation guidance
Advisory/MitigationAbout this happening: **CERT/CC** issued mitigation guidance for **Terrarium** deployments exposed to **CVE-2026-5752**, a **sandbox-escape** flaw that can lead to **root code execution**. The advice i...
MCP STDIO arbitrary command execution security flaw
Vulnerability
H score53
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
MCP STDIO arbitrary command execution security flaw
VulnerabilityAbout this happening: A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
H score58
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 03.06.2026 14:00
President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.
Timeline
-
25.02.2026 19:00 2 articles · 4mo ago
Check Point Research discloses Claude Code vulnerabilities enabling code execution and API key theft
Initial DisclosureCheck Point Research discloses multiple security vulnerabilities in Anthropic's Claude Code that can enable arbitrary shell command execution, remote code execution, and Anthropic API key exfiltration when users clone and open untrusted repositories. The issues abuse Hooks, Model Context Protocol (MCP) servers, .claude/settings.json, .mcp.json, and environment variables, and Anthropic says fixes are available in version 1.0.87, version 1.0.111, and version 2.0.65.
Show sources
- Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration — thehackernews.com — 25.02.2026 19:00
- Claude Code Security Shows Promise, Not Perfection — www.darkreading.com — 27.02.2026 16:00