CVE-2026-54316
Wykorzystanie luk w Claude Code pozwala na nieautoryzowane pobieranie danych z złośliwych repozytoriów.
Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrusted content into a Claude Code context could direct it to issue WebFetch requests against attacker-controlled repository files (e.g. /resolve/main/config.json), which HuggingFace counts as downloads server-side, creating a covert out-of-band channel for encoding and exfiltrating data Claude can access such as files, environment variables, or command output. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 2.1.163.
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.1 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.4% |
| Opublikowano (NVD) | 2026-06-23 18:18:08 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-29 19:09:14 UTC |
- https://github.com/anthropics/claude-code/security/advisories/GHSA-fg94-h982-f3mm (security-advisories@github.com) [Third Party Advisory]