What is CVE-2025-59536 in Claude Code?

It's the hook-based RCE flaw letting malicious projects exec shell commands on load.

How to prevent API token theft in Claude Code?

Patch immediately, vet projects manually, disable unused features like MCP, use API key rotation.

Will Claude Code vulnerabilities affect my whole team?

Yes, if sharing projects — one compromised file spreads RCE and exfils creds across sessions.

Claude Code's Hook Trap: RCE and Token Theft via Sneaky Project Files

Anthropic promised Claude Code as the secure AI sidekick for devs. Check Point just proved it's a hacker's playground, with RCE and token grabs via innocent-looking project files.

theAIcatchup Apr 08, 2026 4 min read

Code hooks exploding into remote execution and leaking API tokens in Claude Code interface

⚡ Key Takeaways

Claude Code's hooks, MCP, and env vars enable RCE and API token theft via malicious projects. 𝕏
Anthropic patched post-disclosure, but unvetted repos remain risky. 𝕏
Echoes Log4Shell: AI dev tools' supply chain is wide open for abuse. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#API token exfiltration #Anthropic security #Claude Code vulnerability #RCE CVE-2025-59536

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Check Point Research

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Hackers Weaponize Claude Code Leak with Infostealer Malware on GitHub

Claude Code Leak Hands Rivals AI's Secret Sauce

Claude Code's 50-Command Cap: The Bypass That Unlocks Your Dev Machine

Claude Code's Epic Leak Turns GitHub into a Malware Minefield

Stay in the loop