CVE-2026-21852

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.65

Description A flaw in the project-load flow of Claude Code allows malicious repositories to exfiltrate sensitive data, such as Anthropic API keys, before a user confirms trust. An attacker can include a settings file in a repository that modifies the ANTHROPIC BASE URL variable to point to an attacker-controlled endpoint. When the repository is opened, the software reads this configuration and issues API requests immediately, bypassing the trust prompt and potentially leaking the user's API keys.

Recommendations Update to version 2.0.65 or the latest version.