#unsandboxed-extensions

#unsandboxed-extensions

A malicious Google Calendar event can trigger remote code execution in Claude Desktop, enabling silent system compromise via unsandboxed extensions and MCP trust failures.