CVE-2026-7574
Awaiting Analysis Awaiting Analysis - Queue

VM Image Integrity Check Bypass in Anthropic Claude Desktop Cowork

Vulnerability report for CVE-2026-7574, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: Austin Hackers Anonymous

Description

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories. The estimated CWE mapping is CWE-353 (Missing Support for Integrity Check).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_desktop From 1.1348.0 (inc) to 1.2278.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-353 The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves modification of the VM root filesystem image (rootfs.img) used by Anthropic Claude Desktop Cowork VM. Detection would involve checking the integrity and content of the rootfs.img file to identify unauthorized changes.

Since the vulnerability arises from lack of integrity verification, you can detect it by comparing the current rootfs.img file against a known good version or by monitoring file changes.

  • Use checksum commands like `shasum` or `md5` on macOS to verify the rootfs.img file integrity, for example: `shasum /path/to/rootfs.img`.
  • Use `stat` or `ls -l` to check file modification timestamps to detect unexpected changes.
  • Monitor the VM image directory for changes using tools like `fswatch` or `inotifywait` (if available).

Note that network detection is limited since this is a local file integrity issue, so focus on host-based detection methods.

Executive Summary

This vulnerability affects Anthropic Claude Desktop Cowork VM images from versions v1.1348.0 through v1.2278.0. The VM image handling process only checks for the presence of the file and a version marker string before booting the root filesystem image (rootfs.img), but it does not verify the integrity of the image content at the time it is used.

As a result, a local attacker who already has unprivileged code execution on the victim's macOS user account can modify the VM root filesystem image. Because the system trusts the modified image on subsequent VM boots, the attacker can achieve persistent arbitrary code execution within the VM and gain access to directories mounted from the host.

This vulnerability is mapped to CWE-353, which refers to missing support for integrity checks.

Impact Analysis

The vulnerability allows a local attacker with limited privileges to persistently execute arbitrary code inside the VM environment by modifying the VM root filesystem image.

This persistent code execution can lead to unauthorized access to sensitive data within the VM and also to host-mounted directories, potentially exposing or compromising host system files.

Because the attacker can maintain this access across VM boots, it increases the risk of long-term compromise and data breaches.

Compliance Impact

This vulnerability allows a local attacker to modify the VM root filesystem image, enabling persistent arbitrary code execution and access to host-mounted directories. Such unauthorized access and potential data manipulation could lead to violations of data integrity and confidentiality requirements mandated by standards like GDPR and HIPAA.

Specifically, the lack of image content integrity verification (CWE-353) means that sensitive data could be exposed or altered without detection, which conflicts with the principles of data protection and security controls required by these regulations.

Mitigation Strategies

Immediate mitigation steps include preventing unauthorized modification of the rootfs.img file used by the Anthropic Claude Desktop Cowork VM.

  • Restrict file permissions on rootfs.img to prevent write access by unprivileged users.
  • Avoid running untrusted code with the same user privileges that can access and modify the VM image.
  • Regularly verify the integrity of the rootfs.img file using checksums or digital signatures if available.
  • Consider isolating the VM environment or running it under stricter user permissions to limit the impact of local code execution.

Long term, apply any official patches or updates from Anthropic that address this integrity verification issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7574. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart