CVE-2026-7574
Received Received - Intake
VM Image Integrity Check Bypass in Anthropic Claude Desktop Cowork

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: Austin Hackers Anonymous

Description
Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories. The estimated CWE mapping is CWE-353 (Missing Support for Integrity Check).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-24
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-7574
EUVD
EUVD-2026-38639
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_desktop From 1.1348.0 (inc) to 1.2278.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-353 The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Anthropic Claude Desktop Cowork VM images from versions v1.1348.0 through v1.2278.0. The VM image handling process only checks for the presence of the file and a version marker string before booting the root filesystem image (rootfs.img), but it does not verify the integrity of the image content at the time it is used.

As a result, a local attacker who already has unprivileged code execution on the victim's macOS user account can modify the VM root filesystem image. Because the system trusts the modified image on subsequent VM boots, the attacker can achieve persistent arbitrary code execution within the VM and gain access to directories mounted from the host.

This vulnerability is mapped to CWE-353, which refers to missing support for integrity checks.

Impact Analysis

The vulnerability allows a local attacker with limited privileges to persistently execute arbitrary code inside the VM environment by modifying the VM root filesystem image.

This persistent code execution can lead to unauthorized access to sensitive data within the VM and also to host-mounted directories, potentially exposing or compromising host system files.

Because the attacker can maintain this access across VM boots, it increases the risk of long-term compromise and data breaches.

Compliance Impact

This vulnerability allows a local attacker to modify the VM root filesystem image, enabling persistent arbitrary code execution and access to host-mounted directories. Such unauthorized access and potential data manipulation could lead to violations of data integrity and confidentiality requirements mandated by standards like GDPR and HIPAA.

Specifically, the lack of image content integrity verification (CWE-353) means that sensitive data could be exposed or altered without detection, which conflicts with the principles of data protection and security controls required by these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7574. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart