CVE-2026-21852
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | to 2.0.65 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Claude Code versions prior to 2.0.65 allows a malicious repository to exfiltrate sensitive data, including Anthropic API keys, before the user confirms trust. When a user opens a repository controlled by an attacker that includes a settings file setting the environment variable ANTHROPIC_BASE_URL to an attacker-controlled endpoint, Claude Code sends API requests to that endpoint immediately, leaking API keys. This happens before the trust prompt is shown, requiring no special privileges or user interaction beyond opening the repository. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information such as Anthropic API keys to attackers. This can allow attackers to misuse these keys, potentially leading to unauthorized access to services or data associated with those keys. However, the impact on confidentiality, integrity, and availability of the vulnerable system is considered low, and there are no subsequent system impacts reported. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for unexpected API requests sent by Claude Code to unknown or attacker-controlled endpoints, especially those involving the ANTHROPIC_BASE_URL environment variable. Since the vulnerability causes Claude Code to send API requests before the trust prompt, inspecting outgoing requests from the Claude Code process when opening new repositories may reveal suspicious activity. Specific commands could include using network monitoring tools like 'tcpdump' or 'Wireshark' to capture outgoing traffic from the system, filtering for unusual destinations or endpoints. Additionally, checking environment variables or configuration files in repositories for the presence of ANTHROPIC_BASE_URL set to non-standard URLs may help identify malicious repositories. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, users should update Claude Code to version 2.0.65 or later, as this version contains the patch that fixes the issue. Users who have automatic updates enabled have likely already received the fix. Those performing manual updates should upgrade to the latest version as soon as possible. Avoid opening repositories from untrusted sources until the update is applied to prevent potential exfiltration of API keys. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves unauthorized exposure of sensitive information, specifically Anthropic API keys, due to insecure handling of authentication credentials. Such exposure of sensitive data could potentially lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and disclosure. However, the provided resources do not explicitly discuss compliance impacts or regulatory considerations. [1]