Critical Vulnerability in Claude Code Emerges Days After Source Leak — Researchers Find Exploitable Flaw
Anthropic’s accidental Claude Code source leak, first reported last week, has had a consequence that security researchers were quietly warning about: someone used the exposed code to find a real, critical vulnerability. This is distinct from the Vidar malware campaign that exploited brand confusion around the leak (also covered here previously). That was opportunistic social engineering — attackers leveraging the story of the leak to distribute malware. What SecurityWeek is reporting now is different: researchers with access to Claude Code’s 600,000-line codebase — exposed via npm source maps — used that access to conduct legitimate offensive security research and found a critical functional vulnerability. ...