Critical Claude Code Flaws Allow Remote Code Execution and API Key Theft
Stop what you’re doing and update Claude Code. Check Point Research disclosed two critical vulnerabilities today — CVE-2025-59536 and CVE-2026-21852 — that can let an attacker execute code on your machine and steal your Anthropic API key simply by having you clone and open a malicious repository. No additional interaction required. No suspicious files to download. Just opening the wrong repo is enough. What Was Disclosed Check Point Research published full technical details on both CVEs affecting Claude Code, Anthropic’s AI-powered coding assistant: ...