CVE-2026-24052
Published 2026-02-03
Priority: P3 · 42 · high · 7.4 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:H / I:N / A:N
EPSS: 0.34% (25.6th percentile)
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io), which could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration. This issue has been patched in version 1.0.111.
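An added example, not Claude Code's own code (the advisory does not show it): the prefix-match pattern the advisory describes beside a hardened hostname check, run over constructed URLs that follow the bypass shape it names. The trusted-domain list, the https requirement and the decision to accept label-boundary subdomains are assumptions.

```javascript
// Added example (not Claude Code's source): a startsWith()-style trusted-domain
// check beside a hardened one, evaluated over constructed sample URLs.
const TRUSTED_DOMAINS = ["docs.python.org", "modelcontextprotocol.io"]; // assumed list

// Flawed pattern described in the advisory: a prefix match on the hostname.
// "modelcontextprotocol.io.example.com" starts with "modelcontextprotocol.io",
// so it passes even though example.com is the registrable domain.
function isTrustedPrefixMatch(rawUrl) {
  const host = new URL(rawUrl).hostname;
  return TRUSTED_DOMAINS.some((d) => host.startsWith(d));
}

// Hardened check: parse the URL, require https, normalise the hostname, and
// accept only an exact match or a subdomain split at a label boundary ("." + d).
function isTrustedHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is never trusted
  }
  if (url.protocol !== "https:") return false; // assumed: plaintext is not trusted
  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  return TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Constructed inputs: genuine trusted hosts, lookalike hosts of the advisory's
// shape, a plaintext URL, and a URL that only mentions a trusted name in its query.
const SAMPLE_URLS = [
  "https://docs.python.org/3/library/urllib.html",
  "https://modelcontextprotocol.io/specification",
  "https://modelcontextprotocol.io.example.com/page",
  "https://docs.python.org.lookalike.example/",
  "http://modelcontextprotocol.io/",
  "https://lookalike.example/?u=docs.python.org",
];

// Returns the sample URLs a given check admits, so the two can be compared.
function admitted(check) {
  return SAMPLE_URLS.filter(check);
}

console.log("prefix match admits:", admitted(isTrustedPrefixMatch));
console.log("hardened check admits:", admitted(isTrustedHost));
```

The prefix check admits both lookalike hosts and the plaintext URL; the hardened check admits only the two genuine trusted hosts.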
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anthropic-ai | claude-code | >= 0 < 1.0.111 | 1.0.111 |
| anthropic | claude_code | < 1.0.111 | 1.0.111 |
| anthropics | claude-code | < 1.0.111 | 1.0.111 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
| nvd | v4.0 | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
ghsa · 2026-02-03
CVE-2026-24052 [HIGH] CWE-601: Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a `startsWith()` function to validate trusted domains (e.g., `docs.python.org`, `modelcontextprotocol.io`), which could have enabled attackers to register domains like `modelcontextprotocol.io.example.com` that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration.
Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.
Thank you to hackerone.com/47sid-pra
OSV
osv · 2026-02-03
CVE-2026-24052 [HIGH] Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
No detection rules found.
No public exploits indexed.