Malicious Repo Files Could Hijack Claude Code Sessions

2 weeks ago bankinfosecurity

Flaws Let Attackers Run Commands and Steal API Keys Before Trust Prompt Rashmi Ramesh (rashmiramesh_) • February 26, 2026

Multiple vulnerabilities in Anthropic's Claude Code could enable attackers to run harmful commands and steal API keys by hiding malicious files in a code repository, Check Point researchers found. (Image: Shutterstock)

Multiple vulnerabilities in Anthropic's Claude Code could enable attackers to run harmful commands and steal API keys by hiding malicious files in a code repository, with no action needed from the victim other than opening the project, security researchers found.

Check Point reported three flaws to Anthropic between July and October 2025: a Hooks vulnerability tracked under GitHub Security Advisory GHSA-ph6w-f82w-28w6, and two others tracked as CVE-2025-59536 and CVE-2026-21852. The artificial intelligence giant patched all three before Check Point published the Wednesday report detailing the vulnerabilities.

Claude Code is ...

Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE

Share:

More related news