Zero-Click Vulnerability in Claude Desktop Extensions Exposed 10,000+ Users to RCE
Security researchers discover a zero-click flaw in Claude's desktop extension system that could execute malicious code without user interaction — Anthropic declines to fix.
No Click Required
Security researchers disclosed a zero-click vulnerability in Claude's desktop extension (.dxt) system that could have exposed over 10,000 users to remote code execution without any user interaction.
The Vulnerability
The flaw existed in how Claude Desktop processed extensions:
- Malicious extensions could execute arbitrary code during installation
- No user confirmation or approval was needed
- The attack surface included any user who installed a compromised extension
Anthropic's Response
In an unusual move, Anthropic reportedly declined to fix the specific vulnerability, instead pointing to broader security measures and the extension review process as mitigating factors.
Related Security Concerns
This disclosure came alongside the Check Point Research findings of CVE-2025-59536 and CVE-2026-21852, creating a pattern of security concerns around Claude's extensibility features:
- Hooks — Custom shell commands exploitable by malicious repos
- MCP Servers — Configuration injection points
- Extensions — Zero-click code execution
- Environment Variables — API key exfiltration vectors
The Broader Lesson
As AI tools gain more system access — editing files, running commands, installing extensions — their attack surface expands proportionally. The tension between powerful AI capabilities and security is becoming a defining challenge for the industry.
Security researchers recommend treating AI tool configurations with the same caution as running untrusted code.
Source: LayerX Security | Infosecurity Magazine | CyberNews
NYC News
Expert insights on AI voice agents and customer communication automation.
Try CallSphere AI Voice Agents
See how AI voice agents work for your industry. Live demo available -- no signup required.