- Check Point found three vulnerabilities in the Claude Code AI coding assistant
- Error enabled RCE and API key theft
- Issues exploited via malicious repositories; all patched before publication
If you’re looking at deeply integrating AI tools into your workflows, be extra careful, as some popular AI models come with serious vulnerabilities that can turn a trusted digital assistant into a malicious insider.
Researchers from Check Point (CPR) have detailed three vulnerabilities in Claude Code that can be used to remotely execute malicious code (RCE) or steal sensitive data such as API credentials from unsuspecting victims.
Of the three bugs, two have been tagged: CVE-2025-59536 (8.7/10) and CVE-2026-21852 (5.3/10). The third, which has not yet been assigned a CVE, is a code injection vulnerability.
Re-evaluating traditional security assumptions
Claude Code is an advanced AI-powered coding assistant that lets developers work with AI directly inside their coding environment (like their terminal or IDE). The assistant can do all kinds of things, including performing tasks across entire codebases, all based on natural language instructions.
The CPR says that an attacker can create a malicious repository that includes specially crafted project-level configuration files and share it with a developer (for example, via a phishing email or a fake job assignment).
If the developer clones the repository to their local machine and opens the project folder in Claude Code, the tool will automatically load it, allowing the attacker to abuse built-in mechanisms and trigger hidden shell commands. As a result, user consent messages are ignored and external tools and services are initialized before being explicitly authorized.
In short, the attacker can gain remote code execution or can exfiltrate anthropic API keys before the user confirms trust in the project.
“AI-powered coding tools are quickly becoming part of enterprise development workflows. Their productivity benefits are significant, but so is the need to reevaluate traditional security assumptions,” CPR said.
“Configuration files are no longer passive settings. They can affect execution, networking, and permissions. As AI integration deepens, security controls must evolve to match the new trust boundaries.”
Fortunately, CPR says all issues were resolved before publication.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
