{"data":{"id":"1562b70f-7860-4743-88fd-fd5998b821bd","title":"CVE-2026-24052: Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in it","summary":"Claude Code, an agentic coding tool, had a security flaw before version 1.0.111: it did not properly validate website addresses (URLs) before making requests to them. The trusted-domain check used a simple startsWith() comparison (a prefix match that looks only at the beginning of the domain name), so any domain that merely begins with a trusted name was accepted. Attackers could therefore register lookalike domains such as modelcontextprotocol.io.example.com that would be mistakenly trusted, allowing the tool to send data to attacker-controlled sites without the user knowing.","solution":"Update Claude Code to version 1.0.111 or later, as the issue has been patched in that version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-24052","publishedAt":"2026-02-03T21:16:13.073Z","cveId":"CVE-2026-24052","cweIds":["CWE-601"],"cvssScore":"7.4","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00039,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}