CVE-2026-21852Insufficiently Protected Credentials in Claude-code

CWE-522Insufficiently Protected Credentials6 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 89.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Anthropics Claude-codeAnthropic Claude CodeAnthropic-ai Claude-code
Timeline
PublishedJan 21
Latest updateApr 11

Description

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, poten

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDanthropic/claude_code< 2.0.65
CVEListV5anthropics/claude-code< 2.0.65

🔴Vulnerability Details

3
VulDB
Anthropic claude-code up to 2.0.64 insufficiently protected credentials (GHSA-jh7p-qr78-84p7 / EUVD-2026-3597)2026-04-11
OSV
Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation2026-01-21
GHSA
Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation2026-01-21

🕵️Threat Intelligence

2
Zscaler
Anthropic Claude Code Leak | ThreatLabz2026-04-01
Wiz
CVE-2026-21852 Impact, Exploitability, and Mitigation Steps | Wiz