Attackers Can Exploit a Claude Code RCE Flaw to Take Command of System - DevOps.com
Briefly

A vulnerability in Anthropic’s Claude Code developer model could allow attackers to take control of a victim’s system by tricking them into clicking a crafted malicious deeplink. After gaining access, the attacker could use a remote code execution flaw to run arbitrary commands, including shell commands, through the Claude Code model. The issue affected version 2.1.118 and has been fixed. The problem reflects broader security risks as developer tools gain adoption and companies increasingly require coding assistants. The flaw was found by a security researcher who reviewed the model’s source code and focused on how deeplink handling and early command-line flag parsing could be exploited. The researcher identified a parsing weakness in eagerParseCliFlag that naively parsed the entire command line before initialization.
"A dangerous vulnerability found in Anthropic's popular Claude Code developer model could have allowed bad actors to grab control of a victim's system by luring them into clicking on a crafted malicious deeplink. Once in, the attacker could exploit the remote code execution (RCE) security flaw to execute arbitrary commands - such as shell commands - into the target's Claude Code model. The vulnerability in version 2.1.118 of the model has since been fixed, but it's another example of the security issues in these developer-focused tools that arise as adoption accelerates."
"The RCE vulnerability in Claude Code was uncovered by security researcher Joernchen of 0day.click as he manually worked through the model's source code "looking at different configuration options and tried to see what's actually 'useful' from an attacker's perspective.""
A Parsing Problem
"After doing some "spelunking in the early-executed code in main.tsx," Joernchen wrote that he found a problem in the eagerParseCliFlag function in the model's main.tsx, which is used to parse certain command-line flags like -settings before the main initialization route runs."
""I came to the conclusion that this style of parsing was very handy to exploit Claude Code's deeplink handling," the researcher wrote. "Traditionally deeplink handlers tend to be vulnerable to some shell escape issues. This however was not the problem here." At issue, he wrote, is that eagerParseCliFlag "naively parsed" the entire command line with any strin"
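The failure mode described above, as an added TypeScript illustration (not Claude Code's source and not code from the article): an early flag scan that accepts a flag at any argv position, next to a position-aware scan. It assumes the deeplink handler places URL-derived text in argv as the value of another option; `--message`, `launcherArgv`, both scan functions and all sample values are hypothetical, and the flag is written here as `--settings`.

```typescript
// Added illustration, not Claude Code's source. "--message", launcherArgv and
// all sample values are hypothetical / constructed.

// Options whose next argv token is a value (assumed set for this sketch).
const VALUE_OPTIONS = new Set<string>(["--settings", "--message"]);

// Assumed launcher: URL-derived text becomes the value of one option.
// No shell is involved, so shell escaping is not the issue.
function launcherArgv(untrustedText: string): string[] {
  return ["--message", untrustedText];
}

// Naive early scan: matches the flag at any argv position, including a
// position that is really another option's value.
function naiveEagerFlag(argv: string[], flag: string): string | undefined {
  for (let i = 0; i < argv.length; i++) {
    if (argv[i].startsWith(flag + "=")) return argv[i].slice(flag.length + 1);
    if (argv[i] === flag && i + 1 < argv.length) return argv[i + 1];
  }
  return undefined;
}

// Position-aware early scan: a token is a flag only in option position.
// Values of value-taking options are skipped; "--" ends option parsing.
function strictEagerFlag(argv: string[], flag: string): string | undefined {
  for (let i = 0; i < argv.length; i++) {
    const tok = argv[i];
    if (tok === "--") break;
    if (tok.startsWith(flag + "=")) return tok.slice(flag.length + 1);
    if (tok === flag) return argv[i + 1]; // undefined when the value is missing
    if (VALUE_OPTIONS.has(tok)) i++; // next token is data, never a flag
  }
  return undefined;
}

// Constructed inputs: one launcher-built argv, one typed by the user.
const fromLink = launcherArgv("--settings=CONSTRUCTED-PLACEHOLDER.json");
const fromUser = ["--settings", "user.json", "--message", "hello"];

console.log(naiveEagerFlag(fromLink, "--settings"), strictEagerFlag(fromLink, "--settings"));
console.log(naiveEagerFlag(fromUser, "--settings"), strictEagerFlag(fromUser, "--settings"));
```

The position-aware scan is only as good as its list of value-taking options: an option missing from `VALUE_OPTIONS` is treated as boolean, so its value would be examined as a possible flag.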
Read at DevOps.com