{"data":{"id":"a1db12eb-5ab6-4778-a52d-67a1f54aac04","title":"CVE-2026-7574: Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1","summary":"Anthropic Claude Desktop has a security flaw in versions v1.1348.0 through v1.2278.0 where it boots a VM (virtual machine, a simulated computer) without checking that the root filesystem image hasn't been tampered with. An attacker with basic access to a user's Mac can modify this image file, and the software will trust and run the modified version on the next boot, giving the attacker persistent control inside the VM and access to files shared with the host computer.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7574","publishedAt":"2026-06-24T00:16:34.173Z","cveId":"CVE-2026-7574","cweIds":["CWE-353"],"cvssScore":"8.7","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic Claude Desktop","Cowork VM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-24T00:16:34.173Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}