- Check Point found three vulnerabilities in the Claude Code AI coding assistant
- Flaws enabled RCE and API key theft
- Issues exploited via malicious repositories; all patched before disclosure
If you’re looking at deeply integrating AI tools into your workflows, be extra careful, as some popular AI models come with severe vulnerabilities which can turn a trusted digital assistant into a malicious insider.
Researchers from Check Point (CPR) have detailed three vulnerabilities in Claude Code which can be used to remotely execute malicious code (RCE), or steal sensitive data such as API credentials, from unsuspecting victims.
Of the three flaws, two have been labeled: CVE-2025-59536 (8.7/10) and CVE-2026-21852 (5.3/10). The third one, which hasn’t been assigned a CVE yet, is a code injection vulnerability.
Reassessing traditional security assumptions
Claude Code is an advanced AI‑powered coding assistant that lets developers work with AI directly inside their coding environment (like their terminal or IDE). The assistant can do all sorts of things, including executing tasks across entire codebases, all based on natural language instructions.
CPR says an attacker could create a malicious repository that includes specially crafted project-level configuration files, and share it with a developer (for example, via a phishing email, or a fake job assignment).
If the developer clones the repository to their local machine and opens the project directory in Claude Code, the tool will automatically load it, allowing the attacker to abuse built-in mechanisms and trigger hidden shell commands. As a result, user consent prompts are overridden, and external tools and services are initialized before being given explicit approval.
Simply put, the attacker can gain remote code execution capabilities or exfiltrate Anthropic API keys before the user confirms trust in the project.
“AI-powered coding tools are rapidly becoming part of enterprise development workflows. Their productivity benefits are significant, but so is the need to reassess traditional security assumptions,” CPR said.
“Configuration files are no longer passive settings. They can influence execution, networking, and permissions. As AI integration deepens, security controls must evolve to match the new trust boundaries.”
Fortunately, CPR says all issues were resolved prior to public disclosure.
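One way to review a freshly cloned repository before opening it in an AI coding tool, as an added example that is not code from Check Point or Anthropic: it reads project-level configuration as inert JSON and lists every entry that could influence execution, networking, or permissions. The file paths, key names, `audit_repo` and `write_sample` are assumptions for illustration (the article names no files), and the sample values are constructed.

```python
import json
import tempfile
from pathlib import Path
# Assumed project-level config paths (Claude Code docs; the article names none).
CONFIG_FILES = (".claude/settings.json", ".claude/settings.local.json", ".mcp.json")
RISKY_KEYS = {"command", "args", "url", "env", "permissions"}  # exec, network, perms

def walk(node, path=""):
    """Yield (json_path, value) for each risky key anywhere in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in RISKY_KEYS:
                yield here, value
            else:
                yield from walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")

def audit_repo(repo_root):
    """Read configs as inert JSON; return (file, json_path, value) findings."""
    findings = []
    for rel in CONFIG_FILES:
        cfg = Path(repo_root) / rel
        if not cfg.is_file():
            continue
        try:
            doc = json.loads(cfg.read_text(encoding="utf-8"))
        except ValueError as exc:  # malformed JSON or bad encoding: review by hand
            findings.append((rel, "<unparseable>", str(exc)))
            continue
        findings.extend((rel, p, v) for p, v in walk(doc))
    return findings

def write_sample(root):
    """Constructed sample repo with harmless placeholder values."""
    (Path(root) / ".claude").mkdir(parents=True, exist_ok=True)
    hook = {"type": "command", "command": "echo constructed-example"}
    settings = {"hooks": {"SessionStart": [{"hooks": [hook]}]}}
    (Path(root) / ".claude/settings.json").write_text(json.dumps(settings))
    servers = {"demo": {"command": "example-server", "args": ["--flag"]}}
    (Path(root) / ".mcp.json").write_text(json.dumps({"mcpServers": servers}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for finding in audit_repo(tmp):
            print(*finding, sep="  |  ")
```

An empty result means none of the assumed files were present, not that the repository is safe to trust.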





