CVE-2026-21852 – Anthropic Claude Code

Anthropic has released security updates for Claude Code, addressing two serious vulnerabilities that expose developers to supply-chain style attacks. Both issues abused project initialization logic and trust validation. These flaws are now patched in current releases.

CVE-2025-59536 — High Severity (CVSS v3: 8.7 High)

This vulnerability allowed arbitrary code execution before the user approved the startup trust prompt. A specially crafted repository could execute shell commands or other malicious actions immediately when opened in Claude Code. This bypassed a core security control designed to prevent execution until explicit user trust. Security researchers demonstrated proof-of-concept exploitation.

CVE-2026-21852 — Medium Severity (CVSS v3: 5.3 Medium)

A logic flaw in the project load workflow allowed Claude Code to process repository configuration and send outbound API requests before trust confirmation. An attacker could redirect requests to a malicious endpoint and capture a user’s Anthropic API key. Stolen API keys can enable unauthorized access to cloud services and development environments. Proof-of-concept research confirmed the exposure risk.

There were no confirmed large-scale real-world exploitation campaigns at the time of disclosure. However, the demonstrated ability to trigger code execution and extract credentials from simply opening a repository represents a high-impact threat for developers using AI-assisted tools.