{"data":{"id":"ad4e05bb-e140-466f-9489-b53bfe0a5d3a","title":"CVE-2026-44467: Claude Desktop SSH remote development did not verify the server's host key against known_hosts","summary":"The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Its SSH remote development feature (versions 1.2581.0 up to, but not including, 1.4304.0) had a security flaw: it only checked whether a hostname was present in the ~/.ssh/known_hosts file, without verifying that the host key the server actually presented matched the stored one. This allowed a network attacker (someone who could intercept traffic through methods like ARP spoofing or rogue Wi-Fi) to perform a man-in-the-middle attack (secretly intercepting and potentially altering communications between two parties) on remote development sessions, as long as the hostname was already in the victim's known_hosts file.","solution":"Update Claude Desktop to version 1.4304.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44467","publishedAt":"2026-05-13T16:16:58.100Z","cveId":"CVE-2026-44467","cweIds":["CWE-297","CWE-322"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Desktop"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-13T16:16:58.100Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}