CVE-2026-24052 — Open Redirect in Claude-code

CWE-601 — Open Redirect4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 97.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anthropics Claude-code Anthropic Claude Code Anthropic-ai Claude-code

Timeline

PublishedFeb 3

Description

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io), this could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains wit…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDanthropic/claude_code< 1.0.111

▶CVEListV5anthropics/claude-code< 1.0.111

▶npmanthropic-ai/claude-code< 1.0.111

🔴Vulnerability Details

GHSA

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains↗2026-02-03

▶

OSV

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains↗2026-02-03

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24052 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶