Skip to content
CallSphere - AI voice and chat agents for businessCallSphere
Back to Blog
AI News3 min read

Critical Claude Code Vulnerabilities Allowed Remote Code Execution and API Key Theft

Check Point Research discovers critical flaws in Claude Code exploiting hooks, MCP servers, and env variables to achieve RCE and exfiltrate API credentials from developer machines.

AI Coding Tools Face Security Scrutiny

Check Point Research disclosed critical vulnerabilities in Anthropic's Claude Code that allowed attackers to achieve remote code execution and steal API credentials through malicious project configurations.

The Vulnerabilities

CVE-2025-59536 (CVSS 8.7): A code injection vulnerability that executed arbitrary shell commands automatically when a user started Claude Code in an untrusted directory. The attack triggered during tool initialization — before any user action.

CVE-2026-21852 (CVSS 5.3): A broader flaw that harvested developers' API keys with no user interaction required. If a repository's settings file set ANTHROPIC_BASE_URL to an attacker-controlled endpoint, Claude Code would issue API requests (including API keys) before showing the trust prompt.

Attack Vectors

The vulnerabilities exploited three Claude Code configuration mechanisms:

  1. Hooks — Custom shell commands triggered by events
  2. MCP Servers — Model Context Protocol server configurations
  3. Environment Variables — Project-level variable overrides

The Risk

Any developer who cloned and opened an untrusted repository could have their:

  • Machine compromised with arbitrary code execution
  • Anthropic API key exfiltrated to attacker-controlled servers
  • Development environment compromised

Fixes Applied

  • CVE-2025-59536: Fixed in Claude Code version 1.0.111 (October 2025)
  • CVE-2026-21852: Fixed in Claude Code version 2.0.65 (January 2026)

All reported issues were patched before the public disclosure.

Source: Check Point Research | The Hacker News | Dark Reading | CyberSecurity News

Share this article
N

NYC News

Expert insights on AI voice agents and customer communication automation.

Try CallSphere AI Voice Agents

See how AI voice agents work for your industry. Live demo available -- no signup required.

Book a DemoTry Live Demo

Related Articles

AI News

QuitGPT Movement Plans In-Person Protest at OpenAI HQ as 1.5 Million Take Action

The QuitGPT movement claims 1.5 million participants and plans a physical protest at OpenAI's San Francisco headquarters on March 3, 2026.

AI News

'Cancel ChatGPT' Movement Goes Viral as Users Flee to Claude Over Pentagon Deal

The #CancelChatGPT movement surges as 700,000+ users ditch OpenAI after its Pentagon deal, with an in-person protest planned at OpenAI HQ.

AI News

Claude Launches Memory Import: Switch from ChatGPT Without Losing Your Data

Anthropic releases a memory import tool letting users transfer all their ChatGPT memories to Claude in under 60 seconds as the #QuitGPT movement surges.