CVE-2026-21852

MEDIUM SEVERITY

Vulnerability Description

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.

Vulnerability Details

Published Date

January 21, 2026

Last Modified

January 26, 2026

CWE ID

CWE-522

Source

GitHub

Vendor

npm

Product

@anthropic-ai/claude-code

External References

https://github.com/anthropics/claude-code/security/advisories/GHSA-jh7p-qr78-84p7
https://nvd.nist.gov/vuln/detail/CVE-2026-21852
https://github.com/advisories/GHSA-jh7p-qr78-84p7

CVE-2026-21852

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment