Check Point Research: Claude Code CVEs Enable RCE and API Token Exfiltration Through Repository Config Files

Summary

Check Point Research disclosed two critical vulnerabilities in Anthropic's Claude Code (CVE-2025-59536 and CVE-2026-21852) that enabled remote code execution and API credential theft through malicious project configuration files. The attack surface is the `.claude/settings.json` file that Claude Code reads automatically when a developer opens a project. Three distinct attack vectors were identified: hooks-based RCE via embedded shell commands that execute on every collaborator's machine, MCP ser