- Description
- Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- claude_code
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-522
- Hype score
- Not currently trending
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 Intel Report: https://t.co/1U7gyRBUzM
@cyberbivash
9 Mar 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
check point found 2 flaws in claude code — anthropic's AI dev tool. CVE-2025-59536: open a project → code runs before you click "trust." CVE-2026-21852: repo configs silently redirect your API keys to the attacker. clone the wrong repo. your AI tool is the backdoor.
@The_Agent_Econ
8 Mar 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 Intel Report: https://t.co/tL4HD8m3Hz
@cyberbivash
3 Mar 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Claude Codeの設定ファイルが攻撃面に不正リポジトリでRCEとAPIキー窃取が成立した脆弱性(CVE-2025-59536/CVE-2026-21852) https://t.co/Vs50pJ5SIK #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews #AINews
@securityLab_jp
3 Mar 2026
183 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilities (CVE-2025-59536, CVE-2026-21852) in Anthropic Claude Code https://t.co/k7E25uyOfG
@ninp0
2 Mar 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Claude Code มีช่องโหว่ เปิดทางแฮกเกอร์รันคำสั่ง-ขโมย API Key ได้เงียบๆ https://t.co/8UxH8udJWf CVE-2025-59536, CVE-2026-21852
@ohmohm
2 Mar 2026
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
AI dev tool security alert. @claudeai Code vulnerabilities enabled: • Remote Code Execution • MCP consent bypass (CVE-2025-59536) • API key exfiltration (CVE-2026-21852) Reported by Check Point Research. Fully patched by Anthropic. Config files = potential execution vectors
@TechNadu
28 Feb 2026
188 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Report #2026-02-28-01: Claude Code flaws (CVE-2025-59536, CVE-2026-21852) enabled RCE + API token exfiltration via untrusted project files. Impact: HIGH. Source: https://t.co/rX49vfvl2V
@elagentecapital
28 Feb 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
「リポジトリをクローンして開いただけで APIキーが盗まれる」 セキュリティ企業Check Pointが Claude Codeに重大な脆弱性2件を発見・報告。 CVE-2025-59536 CVE-2026-21852 2件とも公開前にAnthropicが修正済みです🔐 ど
@Claudia_AiLab
27 Feb 2026
109 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
⚠️Check PointがClaude Codeの重大脆弱性を公開 The Hacker Newsでも報道されました 内容はかなり深刻で ・悪意あるリポジトリを開くだけ ・RCE(Remote Code Execution=外部から任意コード実行)可能 ・APIキー盗
@onumaro92
26 Feb 2026
210 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Check Point disclosed critical Claude Code vulnerabilities yesterday (CVE-2025-59536, CVE-2026-21852). Three attack vectors, all execution before trust dialogs. RCE via hooks: Malicious .claude/settings.json executes shell commands on SessionStart. Clone poisoned repo, run
@ManfredMancxx
26 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE in Code: How Attackers Can Hijack #AI Assistants and Steal API Keys (#CVE-2025-59536 & #CVE-2026-21852) + Video https://t.co/aOkUZKfrk5 Educational Purposes!
@UndercodeUpdate
26 Feb 2026
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
I hacked Claude Code! It turns out "agentic" is just a fancy new way to get a shell. I achieved full RCE and hijacked organization API keys. CVE-2025-59536 | CVE-2026-21852 https://t.co/GymKzaM1wp #ai #Claude
@Od3dV
26 Feb 2026
60136 Impressions
102 Retweets
470 Likes
334 Bookmarks
6 Replies
13 Quotes
Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project https://t.co/nXlrDqdhgK h
@blackorbird
26 Feb 2026
2078 Impressions
9 Retweets
21 Likes
8 Bookmarks
0 Replies
0 Quotes
What dropped today (while these clowns are still selling unsecured garbage bots that get your account nuked): • Claude Code Config Bypass/CVE-2025-59536 + CVE-2026-21852 lets attackers RCE your dev box and steal API keys just by cloning a poisoned repo — disclosed Feb 25, 20
@Double00Kevin
26 Feb 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Anthropic社のAI「Claude Code」において、リモートでコードが実行される可能性のある深刻な脆弱性が発見されました。この問題は、CVE-2025-59536およびCVE-2026-21852として追跡されています。
@omomuki_tech
26 Feb 2026
75 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration - https://t.co/yCtHWMfO00 • Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level https
@AISecHub
26 Feb 2026
1660 Impressions
3 Retweets
26 Likes
13 Bookmarks
2 Replies
0 Quotes
Check Point found CVE-2025-59536 and CVE-2026-21852 in Claude Code allow remote code execution and API key theft via untrusted repository configurations, reachable by simply cloning and opening a project. They warn that built-in hooks and env vars could … https://t.co/nEKaQHLG0
@Cyber_O51NT
26 Feb 2026
943 Impressions
12 Retweets
15 Likes
1 Bookmark
2 Replies
0 Quotes
Researchers disclose critical flaws in Anthropic's Claude Code enabling remote code execution and API key theft via untrusted repositories, tracked as CVE-2025-59536 and CVE-2026-21852. #AIsecurity https://t.co/49GjRjE368
@threatcluster
26 Feb 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Claude Codeに遠隔コード実行及びAPIキー窃取の脆弱性。Check Point社報告。CVE-2025-59536及びCVE-2026-21852。信頼されないリポジトリをクローンして開くことで、悪意ある設定ファイルから発動。処理に際し明示的な認
@__kokumoto
25 Feb 2026
1147 Impressions
3 Retweets
3 Likes
5 Bookmarks
0 Replies
0 Quotes
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 https://t.co/fTjad1Bg5x
@Dinosn
25 Feb 2026
1281 Impressions
2 Retweets
1 Like
4 Bookmarks
0 Replies
0 Quotes
Check Point | Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 https://t.co/4ymK4vGUTN
@StopMalvertisin
25 Feb 2026
349 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "DD35DBC7-825A-49D0-825E-8DD6BE1A257A",
"versionEndExcluding": "2.0.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]