Daniel Kuhl ✌🏻☮️☕️Mar 5

#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.

https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 - Check Point Research

By Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands […]

Check Point Research
Show threadadingbatponder  👾Mar 5
@daniel1820815 Fascinating article. Excellent work. My question is: I always run #ClaudeCode in a #nixos #developmentenvironment and was wondering if this helps protect against exploits, or if it is no protection at all.
Show threadDaniel Kuhl ✌🏻☮️☕️
@adingbatponder The issue relates to repository-controlled configurations like .claude/settings.json files for example. If you keep your work local it should be fine. Using a repository you need to make sure who can modify your config files.
Mar 6 at 5:42amWeb
Show threadadingbatponder  👾Mar 6
@daniel1820815 OK. So team work was the issue. If only I am working using local claude settings on my local machine then only I can set up foot guns.