Check Point Research identified critical vulnerabilities in Anthropic’s Claude Code enabling remote code execution and API key theft through malicious project configurations. Attackers can exploit Hooks and Model Context Protocol to execute unauthorized commands and intercept API communications. All discovered vulnerabilities have been remediated by Anthropic. Developers must carefully scrutinize project configurations to prevent configuration-based attacks, treating them with the same caution as executable code.
