Claude Code Vulnerabilities Let Attackers Run Arbitrary Commands and Steal API Keys by Cloning a Repository
Check Point Research disclosed two CVEs in Anthropic's Claude Code that turned project configuration files into attack vectors, enabling remote code execution and API key exfiltration before users could approve a trust dialog.
4 min read4 sources