- Researchers at Check Point disclosed critical vulnerabilities in Anthropic’s Claude Code AI assistant.
- The flaws, including CVE-2025-59536 and CVE-2026-21852, could allow remote code execution and API key theft.
- Simply opening a malicious repository in the tool could trigger attacks, altering the software supply chain threat model.
Cybersecurity researchers from Check Point Research revealed in February 2026 that multiple critical security vulnerabilities were discovered in Anthropic’s Claude Code AI coding assistant, which could lead to remote code execution and the theft of API credentials. These flaws fundamentally change the threat landscape, demonstrating that opening an untrusted project can be as dangerous as running untrusted code in AI-powered development environments.
The vulnerabilities, CVE-2025-59536 and CVE-2026-21852, exploited configuration mechanisms like hooks and environment variables. Consequently, a malicious repository could execute arbitrary shell commands automatically upon initialization or exfiltrate the user’s Anthropic API keys before a trust prompt was shown. As Check Point stated in their report, “configuration files effectively become part of the execution layer.”
This meant an attacker controlling a repository could redirect API traffic to their own infrastructure, capturing developer credentials. Anthropic confirmed the risk, noting in an advisory that Claude Code would “issue API requests before showing the trust prompt, including potentially leaking the user’s API keys.” However, patches were released between September 2025 and January 2026, fixing these specific issues in subsequent versions of the software.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
