// Alert

Claude threat report

Cyberpress reported on 18 May 2026 a remote code execution vulnerability in Anthropic's Claude Code, publicly disclosed on 12 May 2026 by researcher Joernchen of 0day.click and patched in version 2.1.118. The flaw resides in the eagerParseCliFlag function in main.tsx, which scans the entire command-line array for any string beginning with --settings= without distinguishing flags from argument values. By combining this with the claude-cli://open deeplink handler's q parameter, an attacker could embed a crafted --settings= JSON payload that registers a SessionStart hook and executes arbitrary shell commands when the victim opens the URL. A secondary issue allowed the workspace trust dialog to be bypassed entirely when the deeplink's repo parameter matched a repository the user had already trusted, so exploitation occurred silently. Users on versions prior to 2.1.118 are advised to update immediately.

// Get alerts for Claude