Claude Code Security Flaws Allow Remote Code Execution and API Key Exfiltration (Check Point Research)
If you use Claude Code in your development workflow, stop and read this before opening another repository. Check Point Research has disclosed two critical vulnerabilities — CVE-2026-21852 and CVE-2025-59536 — in Anthropic’s Claude Code agentic coding tool. The flaws allowed attackers to execute arbitrary code on a victim’s machine and exfiltrate API keys. The attack vector required only a malicious configuration file placed in a repository. The exploit triggered automatically — before the user saw or accepted the trust dialog. ...