Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-24052 is a high-severity vulnerability in the @anthropic-ai/claude-code software versions prior to 1.0.111. The issue stems from insufficient URL validation in the trusted domain verification mechanism used for WebFetch requests. The application used a startsWith() function to check if a URL belonged to trusted domains like "docs.python.org" or "modelcontextprotocol.io". However, this method allowed attackers to register malicious domains such as "modelcontextprotocol.io.example.com" that would incorrectly pass the validation.'}, {'type': 'paragraph', 'content': 'This flaw enables automatic requests to attacker-controlled domains without user consent, potentially leading to unauthorized data exfiltration. The vulnerability can be exploited remotely, requires no privileges or user interaction, and has low attack complexity. It is classified under CWE-20 (Improper Input Validation) and CWE-601 (URL Redirection to Untrusted Site, or Open Redirect). The issue was fixed in version 1.0.111.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can lead to automatic requests being sent to attacker-controlled domains without the user's consent. As a result, sensitive data could be exfiltrated from the affected system, causing a high confidentiality impact."}, {'type': 'paragraph', 'content': 'There is no impact on the integrity or availability of the system, but the unauthorized data leakage could compromise user privacy and security.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the @anthropic-ai/claude-code software to version 1.0.111 or later, where the issue has been patched.

Users relying on automatic updates have likely already received the patch, but manual updaters should promptly apply the update to prevent exploitation.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability could lead to unauthorized data exfiltration by enabling automatic requests to attacker-controlled domains without user consent.

Such unauthorized data leakage may impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over personal and sensitive data to prevent unauthorized disclosure.

Therefore, if exploited, this vulnerability could result in violations of these standards due to potential confidentiality breaches.

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability arises from insufficient URL validation in the trusted domain verification mechanism of Claude Code versions prior to 1.0.111. Detection involves identifying if your system is running a vulnerable version of the @anthropic-ai/claude-code software.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on your network, you can monitor outgoing WebFetch requests that target suspicious domains resembling trusted domains but with additional subdomains, such as domains ending with trusted domains plus extra labels (e.g., modelcontextprotocol.io.example.com).'}, {'type': 'paragraph', 'content': 'Suggested commands include searching logs or network traffic for requests to domains that start with trusted domains but have additional prefixes or suffixes. For example, using command-line tools like grep or network monitoring tools:'}, {'type': 'list_item', 'content': "grep -iE 'modelcontextprotocol\\.io\\.|docs\\.python\\.org\\.' /path/to/logs"}, {'type': 'list_item', 'content': "tcpdump -i any -nn -s 0 -A 'dst host modelcontextprotocol.io or dst host docs.python.org' | grep -i 'modelcontextprotocol.io.'"}, {'type': 'paragraph', 'content': 'Additionally, verify the installed version of Claude Code to ensure it is at least version 1.0.111 or later, as earlier versions are vulnerable.'}, {'type': 'list_item', 'content': 'Check version with: npm list @anthropic-ai/claude-code or equivalent package manager commands.'}] [1]

Useful 0 Not Useful 0