#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations.

daniel1820815@infosec.exchange

#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 - Check Point Research

Latest Research by our Team

Check Point Research (research.checkpoint.com)

CIRCLE WITH A DOT

#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations.

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 - Check Point Research