- Description
- Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked into executing code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- claude_code
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-94
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 - Aviv Donenfeld and Oded Vanunu https://t.co/ne7IicPoHh
@pentest_swissky
11 Apr 2026
1686 Impressions
7 Retweets
17 Likes
13 Bookmarks
0 Replies
0 Quotes
Your .json config files are execution vectors now. Claude Code CVE-2025-59536 proved it — malicious hooks in settings.json trigger RCE the moment you open a project. No click required.
@aiithingsai
8 Apr 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In the wake of the Claude information leak, three actions companies using AI should take first thing Monday morning. ① Check your Claude Code version: run claude --version and confirm it is v2.0.65 or later. If it is lower, update immediately. CVE-2025-59536 uses a malicious repository to
@oishillc
6 Apr 2026
171 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
If you run Claude Code in an unfamiliar repo, your API key may already be leaked. Check Point disclosed CVE-2025-59536 (arbitrary command execution) + CVE-2026-21852 (key exfiltration); the whole attack chain goes unnoticed, and Anthropic has no fix timeline. Vibe coding users do this every day. An edge case, or an everyday
@TechPulseHK
2 Apr 2026
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59536 (CVSS 8.7), disclosed by Check Point. A repo with malicious code planted in Claude Code's hook settings. A developer only has to clone it and open the project to get RCE + API key leakage.
@shun_aidev
30 Mar 2026
178 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1️⃣ About Claude Code vulnerabilities (CVE-2025-59536, CVE-2026-21852) : the attack surface no longer exists at the code execution layer alone. It has migrated upward into the configuration and initialization layers that govern how AI assistants interact with infrastructure b
@francescofaenzi
30 Mar 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
⚠️ "Vibe coding" is the new buzzword for 2026. But nobody is talking about the massive security timebomb it just created. Just weeks ago, Check Point Research exposed a critical vulnerability (CVE-2025-59536) in Anthropic’s Claude Code. Right now, founders are pushing
@adarshk27r
24 Mar 2026
157 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
MCP-related CVEs keep coming out one after another in March alone. Let me sort them out. ① CVE-2026-26118 (Azure MCP Server) - SSRF → managed identity token theft → privilege escalation to all Azure resources - CVSS 8.8. Patched 3/10. ② CVE-2025-59536 (Claude Code) - Proj
@shun_aidev
19 Mar 2026
167 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Two serious vulnerabilities were found in Claude Code, which I use every day (already fixed). CVE-2025-59536: RCE via project files. CVE-2026-21852: API key leakage by overriding ANTHROPIC_BASE_URL. The attack scenario is realistic. A malicious repo
@shun_aidev
19 Mar 2026
249 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
30+ vulnerabilities in Cursor, Copilot, Windsurf & Claude Code (IDEsaster research, Dec. 2025). No AI coding tool is safe. CVE-2025-59536 (CVSS 8.7): cloning a repo is enough for RCE. Patches exist, but who checks version inventories? 👇 #KI #CyberSecurity #DevS
@OptimusflowC
18 Mar 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent #ClaudeCode vulnerabilities (CVE-2025-59536, CVE-2026-21852) show why the AI supply chain begins with the automation layer. Configuration files like .claude/settings.json are now part of the execution layer. Authority must be deterministic. 🛡️🦾 https://t.co/PGucc61
@PermissionPrtcl
17 Mar 2026
150 Impressions
0 Retweets
5 Likes
0 Bookmarks
1 Reply
0 Quotes
#Cybernews 🚨💻 The #Vulnerabilities ⚠️, registered as CVE-2025-59536 🆔 and CVE-2026-21852 🆔, could be triggered simply by #Cloning 🔁 and opening 📂 an untrusted project 🚫, without needing to run explicit code 🧩 or take any additional action
@totalcybersec
10 Mar 2026
219 Impressions
2 Retweets
6 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 Intel Report: https://t.co/1U7gyRBUzM
@cyberbivash
9 Mar 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
check point found 2 flaws in claude code — anthropic's AI dev tool. CVE-2025-59536: open a project → code runs before you click "trust." CVE-2026-21852: repo configs silently redirect your API keys to the attacker. clone the wrong repo. your AI tool is the backdoor.
@The_Agent_Econ
8 Mar 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 Intel Report: https://t.co/tL4HD8m3Hz
@cyberbivash
3 Mar 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Claude Code's configuration files become an attack surface: a vulnerability in which a malicious repository achieved RCE and API key theft (CVE-2025-59536/CVE-2026-21852) https://t.co/Vs50pJ5SIK #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews #AINews
@securityLab_jp
3 Mar 2026
183 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilities (CVE-2025-59536, CVE-2026-21852) in Anthropic Claude Code https://t.co/k7E25uyOfG
@ninp0
2 Mar 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Claude Code has a vulnerability that lets hackers silently run commands and steal API keys https://t.co/8UxH8udJWf CVE-2025-59536, CVE-2026-21852
@ohmohm
2 Mar 2026
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
AI dev tool security alert. @claudeai Code vulnerabilities enabled: • Remote Code Execution • MCP consent bypass (CVE-2025-59536) • API key exfiltration (CVE-2026-21852) Reported by Check Point Research. Fully patched by Anthropic. Config files = potential execution vectors
@TechNadu
28 Feb 2026
188 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Report #2026-02-28-01: Claude Code flaws (CVE-2025-59536, CVE-2026-21852) enabled RCE + API token exfiltration via untrusted project files. Impact: HIGH. Source: https://t.co/rX49vfvl2V
@elagentecapital
28 Feb 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Experts find a vulnerability in Anthropic Claude Code that can be used to steal sensitive data https://t.co/lVmqUC83TT CVE-2025-59536
@ohmohm
28 Feb 2026
122 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
"Just cloning and opening a repository gets your API key stolen." Security firm Check Point discovered and reported two serious vulnerabilities in Claude Code. CVE-2025-59536 CVE-2026-21852 Both were fixed by Anthropic before disclosure 🔐
@Claudia_AiLab
27 Feb 2026
109 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 https://t.co/JmrQo0t4X7 #machinelearning #ai
@eyalestrin
27 Feb 2026
66 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
🚀 Top 10 AI & Dev News of the Day! 🧵👇 🚨 Claude Code RCE Flaws: Check Point Research discovered critical vulnerabilities (like CVE-2025-59536) in Claude Code that allow remote code execution and API key theft simply by opening malicious repositories. https://t.co/
@jiayun
27 Feb 2026
152 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚀 Top 10 AI & Dev News of the Day! 🧵👇 🚨 Claude Code RCE Flaws: Check Point Research discovered critical vulnerabilities (like CVE-2025-59536) in Claude Code that allow remote code execution and API key theft simply by opening malicious repositories. https://t.co/
@jiayun
27 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-25253 2 - CVE-2026-20127 3 - CVE-2025-59536 4 - CVE-2026-27509 5 - CVE-2026-27739 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Feb 2026
246 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
The Claude Code RCE vulnerability (CVE-2025-59536) is a perfect case study for why agentic AI needs security-first architecture. Giving AI agents shell access without proper sandboxing is like handing out root keys to your infrastructure. Every team deploying coding agents should
@StephanFerraro
27 Feb 2026
79 Impressions
0 Retweets
2 Likes
1 Bookmark
2 Replies
0 Quotes
⚠️ Check Point has disclosed serious Claude Code vulnerabilities. The Hacker News also covered it. The details are quite severe: ・just opening a malicious repository ・RCE (Remote Code Execution = arbitrary code execution from outside) is possible ・API key theft
@onumaro92
26 Feb 2026
210 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Check Point disclosed critical Claude Code vulnerabilities yesterday (CVE-2025-59536, CVE-2026-21852). Three attack vectors, all execution before trust dialogs. RCE via hooks: Malicious .claude/settings.json executes shell commands on SessionStart. Clone poisoned repo, run
@ManfredMancxx
26 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE in Code: How Attackers Can Hijack #AI Assistants and Steal API Keys (#CVE-2025-59536 & #CVE-2026-21852) + Video https://t.co/aOkUZKfrk5 Educational Purposes!
@UndercodeUpdate
26 Feb 2026
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
I hacked Claude Code! It turns out "agentic" is just a fancy new way to get a shell. I achieved full RCE and hijacked organization API keys. CVE-2025-59536 | CVE-2026-21852 https://t.co/GymKzaM1wp #ai #Claude
@Od3dV
26 Feb 2026
60136 Impressions
102 Retweets
470 Likes
334 Bookmarks
6 Replies
13 Quotes
Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project https://t.co/nXlrDqdhgK h
@blackorbird
26 Feb 2026
2078 Impressions
9 Retweets
21 Likes
8 Bookmarks
0 Replies
0 Quotes
What dropped today (while these clowns are still selling unsecured garbage bots that get your account nuked): • Claude Code Config Bypass/CVE-2025-59536 + CVE-2026-21852 lets attackers RCE your dev box and steal API keys just by cloning a poisoned repo — disclosed Feb 25, 20
@Double00Kevin
26 Feb 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability that could allow remote code execution has been discovered in Anthropic's AI tool "Claude Code". The issue is tracked as CVE-2025-59536 and CVE-2026-21852.
@omomuki_tech
26 Feb 2026
75 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration - https://t.co/yCtHWMfO00 • Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level https
@AISecHub
26 Feb 2026
1660 Impressions
3 Retweets
26 Likes
13 Bookmarks
2 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-20700 3 - CVE-2026-2003 4 - CVE-2025-21042 5 - CVE-2025-59536 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 Feb 2026
182 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Check Point found CVE-2025-59536 and CVE-2026-21852 in Claude Code allow remote code execution and API key theft via untrusted repository configurations, reachable by simply cloning and opening a project. They warn that built-in hooks and env vars could … https://t.co/nEKaQHLG0
@Cyber_O51NT
26 Feb 2026
943 Impressions
12 Retweets
15 Likes
1 Bookmark
2 Replies
0 Quotes
Researchers disclose critical flaws in Anthropic's Claude Code enabling remote code execution and API key theft via untrusted repositories, tracked as CVE-2025-59536 and CVE-2026-21852. #AIsecurity https://t.co/49GjRjE368
@threatcluster
26 Feb 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Remote code execution and API key theft vulnerabilities in Claude Code. Reported by Check Point. CVE-2025-59536 and CVE-2026-21852. Triggered from malicious configuration files by cloning and opening an untrusted repository. During processing, an explicit
@__kokumoto
25 Feb 2026
1147 Impressions
3 Retweets
3 Likes
5 Bookmarks
0 Replies
0 Quotes
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | https://t.co/DUPocNPaNh
@ninp0
25 Feb 2026
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 https://t.co/fTjad1Bg5x
@Dinosn
25 Feb 2026
1281 Impressions
2 Retweets
1 Like
4 Bookmarks
0 Replies
0 Quotes
🚨 Check Point: Claude Code Project Files Bug Enables RCE + API Token Theft (CVE-2025-59536) Check Point Research details how malicious Claude Code project configurations can trigger code injection/RCE and exfiltrate API credentials when a user opens an untrusted repo, abusing
@ThreatSynop
25 Feb 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Claude is down? 🚨 Feb 25, 2026: Sonnet/Opus 4.6 are hitting "Attempt 1 of 10" errors due to emergency patching for CVE-2025-59536 (RCE/Token leak) & massive "distillation attacks" by rival labs. 💡 Switch to Haiku 4.5, it’s on a separate cluster and currently stable!
@SanjayDCL
25 Feb 2026
312 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Check Point | Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 https://t.co/4ymK4vGUTN
@StopMalvertisin
25 Feb 2026
349 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
Claude Code can execute commands prior to the startup trust dialog · CVE-2025-59536 · GitHub Advisory Database https://t.co/BSDZjqCtv9
@pHo9UBenaA
3 Oct 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🟧 CVE-2025-59536, CVSS: 8.7 (High) Claude Code version before 1.0.111, Anthropic. Code Injection vulnerability due to a bug in the startup trust dialog. Attackers can exploit this by starting Claude Code in an untrusted directory, potentially executing arbitrary code befor
@UjlakiMarci
3 Oct 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-59536 Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code … https://t.co/ltxoohKcDR
@CVEnew
3 Oct 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-59536: HIGH] Claude Code version 1.0.111 fixes vulnerability to Code Injection due to a bug in the startup trust dialog. Update to the latest version to stay safe. #CyberSecurity #cve CVE-2025-59536 #cybersecurity https://t.co/KlQBG5EjZf https://t.co/cCFmtkW4Ti
@CveFindCom
3 Oct 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*",
            "matchCriteriaId": "F3228CCD-772D-459F-ACFD-0230FD8AB721",
            "versionEndExcluding": "1.0.111",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]