CVE-2025-59536

Published Oct 3, 2025

Last updated 4 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59536 identifies a code injection vulnerability present in versions of Anthropic's Claude Code prior to 1.0.111. Claude Code is described as an agentic coding tool. The vulnerability stems from a flaw in the implementation of the startup trust dialog, which could allow the tool to execute code embedded within a project before a user explicitly accepts the trust dialog. Exploitation of this vulnerability typically requires a user to initiate Claude Code within an untrusted directory. Malicious project configurations, such as those leveraging "Hooks" or Model Context Protocol (MCP) servers, could be used to execute arbitrary shell commands or exfiltrate API keys when a developer opens untrusted repositories. The issue was addressed in version 1.0.111 of Claude Code.

Description
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Source: security-advisories@github.com
NVD status: Analyzed
Products: claude_code

Risk scores

CVSS 4.0
Type: Secondary
Base score: 8.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1
Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

CWE-94 (security-advisories@github.com)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

38

  1. Top 5 Trending CVEs: 1 - CVE-2026-25253 2 - CVE-2026-20127 3 - CVE-2025-59536 4 - CVE-2026-27509 5 - CVE-2026-27739 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
     @CVEShield · 27 Feb 2026 · 177 Impressions · 0 Retweets · 1 Like · 0 Bookmarks · 0 Replies · 0 Quotes

  2. The Claude Code RCE vulnerability (CVE-2025-59536) is a perfect case study for why agentic AI needs security-first architecture. Giving AI agents shell access without proper sandboxing is like handing out root keys to your infrastructure. Every team deploying coding agents should
     @StephanFerraro · 27 Feb 2026 · 68 Impressions · 0 Retweets · 2 Likes · 1 Bookmark · 2 Replies · 0 Quotes

  3. ⚠️ Check Point disclosed a serious Claude Code vulnerability. It was also reported by The Hacker News. The details are quite severe: ・just opening a malicious repository ・RCE (Remote Code Execution = arbitrary code execution from outside) is possible ・API key theft
     @onumaro92 · 26 Feb 2026 · 177 Impressions · 0 Retweets · 2 Likes · 0 Bookmarks · 1 Reply · 0 Quotes

  4. Check Point disclosed critical Claude Code vulnerabilities yesterday (CVE-2025-59536, CVE-2026-21852). Three attack vectors, all execution before trust dialogs. RCE via hooks: Malicious .claude/settings.json executes shell commands on SessionStart. Clone poisoned repo, run
     @ManfredMancxx · 26 Feb 2026 · 49 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  5. 🚨 Critical RCE in Code: How Attackers Can Hijack #AI Assistants and Steal API Keys (#CVE-2025-59536 & #CVE-2026-21852) + Video https://t.co/aOkUZKfrk5 Educational Purposes!
     @UndercodeUpdate · 26 Feb 2026 · 46 Impressions · 0 Retweets · 1 Like · 0 Bookmarks · 0 Replies · 0 Quotes

  6. I hacked Claude Code! It turns out "agentic" is just a fancy new way to get a shell. I achieved full RCE and hijacked organization API keys. CVE-2025-59536 | CVE-2026-21852 https://t.co/GymKzaM1wp #ai #Claude
     @Od3dV · 26 Feb 2026 · 57753 Impressions · 96 Retweets · 448 Likes · 308 Bookmarks · 6 Replies · 13 Quotes

  7. Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic's Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project https://t.co/nXlrDqdhgK h
     @blackorbird · 26 Feb 2026 · 2078 Impressions · 9 Retweets · 21 Likes · 8 Bookmarks · 0 Replies · 0 Quotes

  8. What dropped today (while these clowns are still selling unsecured garbage bots that get your account nuked): • Claude Code Config Bypass/CVE-2025-59536 + CVE-2026-21852 lets attackers RCE your dev box and steal API keys just by cloning a poisoned repo — disclosed Feb 25, 20
     @Double00Kevin · 26 Feb 2026 · 62 Impressions · 0 Retweets · 1 Like · 0 Bookmarks · 0 Replies · 0 Quotes

  9. A serious vulnerability that could allow remote code execution has been discovered in Anthropic's AI "Claude Code". This issue is tracked as CVE-2025-59536 and CVE-2026-21852.
     @omomuki_tech · 26 Feb 2026 · 75 Impressions · 0 Retweets · 1 Like · 0 Bookmarks · 0 Replies · 0 Quotes

  10. Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration - https://t.co/yCtHWMfO00 • Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic's Claude Code enabled remote code execution and API key theft through malicious repository-level https
      @AISecHub · 26 Feb 2026 · 1660 Impressions · 3 Retweets · 26 Likes · 13 Bookmarks · 2 Replies · 0 Quotes

  11. Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-20700 3 - CVE-2026-2003 4 - CVE-2025-21042 5 - CVE-2025-59536 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
      @CVEShield · 26 Feb 2026 · 182 Impressions · 0 Retweets · 1 Like · 0 Bookmarks · 0 Replies · 0 Quotes

  12. Check Point found CVE-2025-59536 and CVE-2026-21852 in Claude Code allow remote code execution and API key theft via untrusted repository configurations, reachable by simply cloning and opening a project. They warn that built-in hooks and env vars could … https://t.co/nEKaQHLG0
      @Cyber_O51NT · 26 Feb 2026 · 943 Impressions · 12 Retweets · 15 Likes · 1 Bookmark · 2 Replies · 0 Quotes

  13. Researchers disclose critical flaws in Anthropic's Claude Code enabling remote code execution and API key theft via untrusted repositories, tracked as CVE-2025-59536 and CVE-2026-21852. #AIsecurity https://t.co/49GjRjE368
      @threatcluster · 26 Feb 2026 · 64 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 1 Reply · 0 Quotes

  14. Remote code execution and API key theft vulnerabilities in Claude Code. Reported by Check Point. CVE-2025-59536 and CVE-2026-21852. Triggered from malicious configuration files by cloning and opening an untrusted repository. During processing, an explicit
      @__kokumoto · 25 Feb 2026 · 1147 Impressions · 3 Retweets · 3 Likes · 5 Bookmarks · 0 Replies · 0 Quotes

  15. Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | https://t.co/DUPocNPaNh
      @ninp0 · 25 Feb 2026 · 120 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  16. Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 https://t.co/fTjad1Bg5x
      @Dinosn · 25 Feb 2026 · 1281 Impressions · 2 Retweets · 1 Like · 4 Bookmarks · 0 Replies · 0 Quotes

  17. 🚨 Check Point: Claude Code Project Files Bug Enables RCE + API Token Theft (CVE-2025-59536) Check Point Research details how malicious Claude Code project configurations can trigger code injection/RCE and exfiltrate API credentials when a user opens an untrusted repo, abusing
      @ThreatSynop · 25 Feb 2026 · 74 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  18. Claude is down? 🚨 Feb 25, 2026: Sonnet/Opus 4.6 are hitting "Attempt 1 of 10" errors due to emergency patching for CVE-2025-59536 (RCE/Token leak) & massive "distillation attacks" by rival labs. 💡 Switch to Haiku 4.5, it's on a separate cluster and currently stable!
      @SanjayDCL · 25 Feb 2026 · 312 Impressions · 0 Retweets · 2 Likes · 1 Bookmark · 0 Replies · 0 Quotes

  19. Check Point | Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 https://t.co/4ymK4vGUTN
      @StopMalvertisin · 25 Feb 2026 · 349 Impressions · 1 Retweet · 5 Likes · 1 Bookmark · 0 Replies · 0 Quotes

  20. Claude Code can execute commands prior to the startup trust dialog · CVE-2025-59536 · GitHub Advisory Database https://t.co/BSDZjqCtv9
      @pHo9UBenaA · 3 Oct 2025 · 49 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 1 Reply · 0 Quotes

  21. 🟧 CVE-2025-59536, CVSS: 8.7 (High) Claude Code version before 1.0.111, Anthropics. Code Injection vulnerability due to a bug in the startup trust dialog. Attackers can exploit this by starting Claude Code in an untrusted directory, potentially executing arbitrary code befor
      @UjlakiMarci · 3 Oct 2025 · 85 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 1 Reply · 0 Quotes

  22. CVE-2025-59536 Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code … https://t.co/ltxoohKcDR
      @CVEnew · 3 Oct 2025 · 23 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

  23. [CVE-2025-59536: HIGH] Claude Code version 1.0.111 fixes vulnerability to Code Injection due to a bug in the startup trust dialog. Update to the latest version to stay safe. #CyberSecurity#cve,CVE-2025-59536,#cybersecurity https://t.co/KlQBG5EjZf https://t.co/cCFmtkW4Ti
      @CveFindCom · 3 Oct 2025 · 80 Impressions · 0 Retweets · 0 Likes · 0 Bookmarks · 0 Replies · 0 Quotes

Configurations