The vulnerability CVE-2026-21852 affects Anthropic's Claude Code, a coding tool that has a design flaw in its project-load flow. Prior to version 2.0.65, this vulnerability allows malicious repositories to exfiltrate sensitive data, including Anthropic API keys, before users have the chance to confirm trust in the repository. An attacker-controlled repository could set the configuration variable ANTHROPIC_BASE_URL to an endpoint controlled by the attacker. When the repository is opened, Claude Code reads this configuration and can issue API requests immediately, leading to potential leakage of the user's API keys.
Given the medium CVSS score of 5.3, this vulnerability poses a notable risk, especially since it has a low attack complexity and does not require any privileges to exploit. Users of Claude Code who have the standard auto-update feature enabled have already received the fix. However, those who perform manual updates are strongly advised to upgrade to version 2.0.65 or the latest version to mitigate this risk.
Risk to organizations includes unauthorized access to sensitive API keys, which can be exploited for malicious purposes. Attackers may leverage this vulnerability to gain access to other resources, leading to a broader security incident. Organizations should prioritize patching immediately to ensure that API keys remain secure against potential exfiltration.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)