ALPARAITrust Infrastructure

Where the world holds AI accountable.

Product

Incidents
Leaderboard
Dilemmas
Suggestions
Blog
Report incident

Legal

Privacy
Terms
Takedown
Cookies
Whistleblower program

About

Our story
Contact
Transparency report

Intermediary platform. User-submitted content.

Feed Incidents Leaderboard About

Claude Code Project Files RCE & API Token Exfiltration (CVE-2025-59536 & CVE-2026-21852) · ALPAR AI

criticalOther UnknownPublish anonymously

Claude Code Project Files RCE & API Token Exfiltration (CVE-2025-59536 & CVE-2026-21852)

by Publish anonymously · 2 days agoviews 0en

PII protected

Personal information such as emails, phone numbers, IDs and access tokens are automatically masked before publication.

CVE-2025-59536: Malicious `.claude/settings.json` hooks execute shell commands on SessionStart, achieving RCE before user reads the trust dialog. CVE-2026-21852: Malicious repos exfiltrate Anthropic API keys by overriding ANTHROPIC_BASE_URL to attacker-controlled servers. A single malicious commit could compromise any developer.

External Source Attribution

This incident was imported from an external open database. Licensed under CC BY 4.0 or public domain. Original source details below.

Source: AI Incident Database (Open/Stanford License)

Awaiting official response

The official response from the AI provider for this incident.

Community Discussion

No comments yet. Start the discussion!

You must sign in to join the discussion.

Details

AI ProviderUnknown

CategoryOther

When did it happen?Feb 25, 2026

Languageen