CVE-2026-24052

CVSS 7.4 HIGH

📋 TL;DR

CVE-2026-24052 is a URL validation bypass in Claude Code's trusted domain verification. The check matched a trusted domain name as a prefix or substring of the requested hostname rather than on a DNS label boundary, so an attacker could set up a hostname under a domain they control that embeds a trusted name (e.g., modelcontextprotocol.io.example.com) and have it pass as trusted. WebFetch requests to such hosts were then issued automatically, without the user-consent prompt that untrusted domains receive. All Claude Code versions prior to 1.0.111 are affected.
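The shape of the bug, as an added example in JavaScript (this is illustrative code written for this page, not Claude Code's own validator): a substring-style trusted-domain check beside a hardened one that parses the URL and compares the hostname on a label boundary. The trusted-domain list, the https requirement and the sample URLs are assumptions made for the example.

```javascript
// Added example, not Claude Code's own code: a substring-style trusted-domain
// check of the kind CVE-2026-24052 describes, next to a hardened check.
// TRUSTED_DOMAINS is an assumed list for illustration only.
const TRUSTED_DOMAINS = ["modelcontextprotocol.io", "docs.python.org"];

// Weak check: accepts the URL if a trusted domain name appears anywhere in it.
// Any attacker-controlled hostname that embeds the trusted name passes.
function isTrustedUrlWeak(url) {
  const s = url.toLowerCase();
  return TRUSTED_DOMAINS.some((d) => s.includes(d));
}

// Hardened check: parse with the WHATWG URL parser, require https (an
// assumption added here), and compare only the hostname on a DNS label
// boundary: exact match, or a real subdomain ending in "." + trusted domain.
// Userinfo, path and query are never consulted, so "trusted@evil" and
// "?q=trusted" tricks do not apply.
function isTrustedUrlStrict(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparseable input is untrusted
  }
  if (parsed.protocol !== "https:") return false;
  const host = parsed.hostname.toLowerCase().replace(/\.$/, ""); // drop FQDN trailing dot
  return TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample URLs: two genuine, four lookalikes.
const SAMPLE_URLS = [
  "https://modelcontextprotocol.io/introduction",
  "https://spec.modelcontextprotocol.io/specification",
  "https://modelcontextprotocol.io.example.com/collect",   // the shape named in the advisory
  "https://evil-modelcontextprotocol.io/collect",          // trusted name as suffix, wrong label
  "https://modelcontextprotocol.io@evil.example/collect",  // trusted name in userinfo
  "https://evil.example/collect?ref=docs.python.org",      // trusted name in query string
];

// Returns {url, weak, strict} for each sample so the two checks can be compared.
function compareChecks(urls = SAMPLE_URLS) {
  return urls.map((url) => ({
    url,
    weak: isTrustedUrlWeak(url),
    strict: isTrustedUrlStrict(url),
  }));
}

for (const r of compareChecks()) {
  console.log(`${r.url}\n  weak=${r.weak} strict=${r.strict}`);
}
```

The weak check accepts all six URLs; the strict check accepts only the first two. Note that even a hostname-based check that uses `startsWith` or `includes` instead of the label-boundary comparison would still accept the third and fourth samples.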

💻 Affected Systems

Products:
  • Claude Code
Versions: All versions prior to 1.0.111
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configuration are vulnerable. The vulnerability exists in the WebFetch request functionality.

📦 What is this software?

Claude Code is Anthropic's command-line agentic coding tool. Its WebFetch tool retrieves web content on the model's behalf; requests to a built-in list of trusted domains are issued without prompting the user, while other domains require consent.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Data from Claude Code sessions, including source code, API keys and other proprietary information, sent to attacker-controlled servers through requests the user never approved.

🟠 Likely Case: Targeted attacks that pull specific data out of a Claude Code session, leading to credential theft or intellectual property loss.

🟢 If Mitigated: Limited impact where egress filtering and network segmentation prevent the unapproved request from reaching the attacker's host; the validation bypass itself remains until the patch is applied.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires a Claude Code session to be led into fetching the attacker's URL, so user interaction is involved, but the attacker's side is straightforward: register a domain, create a hostname that embeds a trusted domain name, and host the collection endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.111

Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf

Restart Required: Yes

Instructions:

1. Exit any running Claude Code sessions (it is an interactive CLI, not a long-running service).
2. Update to version 1.0.111 or later. For an npm install: npm install -g @anthropic-ai/claude-code@latest
3. Start a new Claude Code session.
4. Verify the update with claude --version (see How to Verify below).

🔧 Temporary Workarounds

Network Egress Filtering (all platforms): Block outbound connections to non-essential domains from hosts running Claude Code.

Domain Whitelist Enforcement (all platforms): Configure the firewall or egress proxy to allow connections only to explicitly trusted domains, matched as exact hostnames or true subdomains rather than as substrings.

🧯 If You Can't Patch

  • Isolate Claude Code instances in restricted network segments with limited egress
  • Monitor outbound connections for suspicious domains and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check Claude Code version. If version is less than 1.0.111, the system is vulnerable.

Check Version:

claude --version (the CLI binary is named claude), or for npm installs: npm ls -g @anthropic-ai/claude-code

Verify Fix Applied:

After updating, confirm that claude --version reports 1.0.111 or higher, then confirm that a WebFetch to a lookalike hostname such as modelcontextprotocol.io.example.com is no longer treated as a trusted domain (it should require the same user approval as any other untrusted domain).

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Claude Code, in particular fetches the user did not ask for
  • Requests to hostnames that contain a trusted domain name (e.g., modelcontextprotocol.io) but do not end with it on a label boundary, such as modelcontextprotocol.io.example.com

Network Indicators:

  • Outbound connections to lookalike hostnames of the shape above, resolved to IP space unrelated to the genuine trusted domain
  • Unexpected data in the path or query string of outbound requests, which is where an unapproved fetch would carry exfiltrated content

SIEM Query:

source="claude-code" AND (destination_domain="*modelcontextprotocol.io.*" OR destination_domain="*docs.python.org.*")

The wildcard pattern requires a dot and further labels after the trusted name, so genuine hosts (modelcontextprotocol.io and its real subdomains, which end with the trusted name) do not match. It does not catch variants such as evil-modelcontextprotocol.io, where the trusted name appears as a suffix on the wrong label boundary; for those, compare the full hostname against the trusted list as exact match or ".<domain>" suffix and alert on any other hostname that contains the trusted name.
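The same logic as the SIEM query, run over constructed log lines, as an added example (illustrative code written for this page, not vendor detection content). It goes beyond the wildcard pattern by flagging any hostname that contains a trusted domain name without actually being that domain or one of its subdomains, which also catches suffix-style lookalikes. The trusted-domain list and the log format are assumptions; the log lines are constructed.

```javascript
// Added example, not Claude Code's or any vendor's detection content: scan
// outbound-request log lines for hostnames that embed a trusted domain name
// without genuinely being that domain or a subdomain of it.
// TRUSTED_DOMAINS and the log format are assumptions made for this example.
const TRUSTED_DOMAINS = ["modelcontextprotocol.io", "docs.python.org"];

// Constructed sample log, one line per outbound WebFetch:
// "<timestamp> <source> <method> <url> <status>"
const SAMPLE_LOG = `
2026-01-15T10:02:11Z claude-code GET https://modelcontextprotocol.io/introduction 200
2026-01-15T10:02:15Z claude-code GET https://spec.modelcontextprotocol.io/specification 200
2026-01-15T10:03:40Z claude-code GET https://modelcontextprotocol.io.example.net/c?d=QUtJQS4uLg 200
2026-01-15T10:03:58Z claude-code GET https://registry.npmjs.org/left-pad 200
2026-01-15T10:04:02Z claude-code GET https://docs.python.org.attacker.example/3/library/os.html 200
2026-01-15T10:04:30Z claude-code GET https://evil-modelcontextprotocol.io/c 200
`;

// True only when host is the trusted domain itself or a real subdomain of it.
function isGenuine(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// A host is a lookalike when it contains a trusted domain name as a substring
// but is not genuinely under that domain. This catches the
// "trusted.io.attacker.example" shape from the advisory and also
// "evil-trusted.io", which a trailing-wildcard search alone would miss.
// Returns the impersonated trusted domain, or null.
function lookalikeOf(host) {
  const h = host.toLowerCase();
  return TRUSTED_DOMAINS.find((d) => h.includes(d) && !isGenuine(h, d)) || null;
}

// Parse the log and return one finding per suspicious request.
function findLookalikeRequests(logText) {
  const findings = [];
  for (const line of logText.split("\n")) {
    const parts = line.trim().split(/\s+/);
    if (parts.length < 4) continue; // blank or malformed line
    const [timestamp, source, , url] = parts;
    let host;
    try {
      host = new URL(url).hostname; // hostname only: path/query never influence the match
    } catch {
      continue; // not a URL we can classify
    }
    const spoofed = lookalikeOf(host);
    if (spoofed) findings.push({ timestamp, source, host, spoofed });
  }
  return findings;
}

for (const f of findLookalikeRequests(SAMPLE_LOG)) {
  console.log(`${f.timestamp} ${f.source} -> ${f.host} (impersonates ${f.spoofed})`);
}
```

On the sample log this reports three requests (modelcontextprotocol.io.example.net, docs.python.org.attacker.example and evil-modelcontextprotocol.io) and leaves the genuine modelcontextprotocol.io and spec.modelcontextprotocol.io fetches alone. Feed it whatever field in your own logs holds the full request URL or hostname; the label-boundary test is what keeps real subdomains out of the alert stream.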

🔗 References

  • Vendor advisory GHSA-vhw5-3g5m-8ggf: https://github.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf