Find notable cyber news and cases, enriched with sources, timelines, and signals.

Anthropic Claude Code code injection and API key disclosure flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 33
2 unique sources, 2 articles

Summary

Hide ▲

Anthropic's Claude Code has multiple disclosed flaws that can enable remote code execution and API key theft when developers open untrusted repositories. The issues span a CVSS 8.7 no-CVE code-injection bug, CVE-2025-59536, and CVE-2026-21852. Attackers can abuse Hooks, MCP servers, .claude/settings.json, .mcp.json, and environment variables to run commands before trust prompts appear. Anthropic released fixes in version 1.0.87, 1.0.111, and 2.0.65.

Related Happenings

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability
H score31 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...

Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace

Security Tool/Service
H score28 First: 12.05.2026 01:03 Last: 12.05.2026 01:03 Sources 1

About this happening: A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...

Terrarium CVE-2026-5752 mitigation guidance

Advisory/Mitigation
H score39 First: 22.04.2026 10:16 Last: 22.04.2026 10:16 Sources 1

About this happening: **CERT/CC** issued mitigation guidance for **Terrarium** deployments exposed to **CVE-2026-5752**, a **sandbox-escape** flaw that can lead to **root code execution**. The advice i...

MCP STDIO arbitrary command execution security flaw

Vulnerability
H score53 First: 16.04.2026 12:40 Last: 16.04.2026 12:40 Sources 1

About this happening: A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
H score58 First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 03.06.2026 14:00

President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.

Timeline

  1. 25.02.2026 19:00 2 articles · 4mo ago

    Check Point Research discloses Claude Code vulnerabilities enabling code execution and API key theft

    Initial Disclosure

    Check Point Research discloses multiple security vulnerabilities in Anthropic's Claude Code that can enable arbitrary shell command execution, remote code execution, and Anthropic API key exfiltration when users clone and open untrusted repositories. The issues abuse Hooks, Model Context Protocol (MCP) servers, .claude/settings.json, .mcp.json, and environment variables, and Anthropic says fixes are available in version 1.0.87, version 1.0.111, and version 2.0.65.

    Show sources