Количество 2
Количество 2
CVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io), this could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration. This issue has been patched in version 1.0.111.
GHSA-vhw5-3g5m-8ggf
Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24052 Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io), this could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration. This issue has been patched in version 1.0.111. | CVSS3: 7.4 | 0% Низкий | 5 дней назад |
| GHSA-vhw5-3g5m-8ggf Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains | 0% Низкий | 5 дней назад |
Уязвимостей на страницу