Critical vulnerability in Claude Desktop Extensions allows 0-click remote code execution, affecting 10,000+ users. Attackers exploit this flaw via Google Calendar events, enabling unauthorized commands without user consent. LayerX warns of severe trust boundary violations; fixes are currently not planned by Anthropic.
https://cybersecuritynews.com/claude-desktop-extensions-0-click-vulnerability/

