GHSA-fg94-h982-f3mm: Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
Summary
Claude Code automatically approved the domain huggingface.co for its WebFetch tool (the feature that lets the model retrieve content from the internet), so requests to that host needed no user confirmation. An attacker who had first injected malicious content into Claude's context (the information it is working with) could therefore direct Claude to make web requests to attacker-controlled files and covertly exfiltrate data such as file contents or environment variables without the user's permission. Injecting that content into the context is a precondition for exploiting the flaw.
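The following is an added illustration, not Claude Code's own code and not the vendor's fix: it models the difference between a fetch policy that trusts a host outright and one that keeps the same allowlist but drops back to asking the user when an allowlisted URL looks like it is carrying data rather than naming a resource, plus a retrospective check over tool-call log lines. The allowlist, the log-line format, the thresholds and the sample URLs are all constructed for the example.

```python
"""Added example (not Claude Code's own code): why a domain-only allowlist for a
fetch tool is not enough, and a hardened policy that falls back to asking the
user when an allowlisted URL looks like it is carrying a payload."""
import base64
import math
import re
from urllib.parse import parse_qs, unquote, urlparse

# Hypothetical allowlist mirroring the flawed behaviour the advisory describes:
# the host was trusted, so every URL on it was fetched without confirmation.
PRE_APPROVED_HOSTS = {"huggingface.co"}

SECRET_KEY_RE = re.compile(r"(key|token|secret|passw|env|cred)", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character; random base64 is ~5-6, English text ~4 or below."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def weak_policy(url: str) -> str:
    """Domain-only check: 'auto' for a pre-approved host, 'ask' otherwise."""
    host = (urlparse(url).hostname or "").lower()
    return "auto" if host in PRE_APPROVED_HOSTS else "ask"


def payload_indicators(url: str) -> list[str]:
    """Heuristics for a URL whose path/query carries data rather than a locator.
    The thresholds are illustrative assumptions, not values from the advisory."""
    parsed = urlparse(url)
    tail = unquote(parsed.path + ("?" + parsed.query if parsed.query else ""))
    reasons = []
    if len(tail) > 200:
        reasons.append(f"unusually long path/query ({len(tail)} chars)")
    for seg in re.split(r"[/?&=]", tail):
        if len(seg) >= 40 and shannon_entropy(seg) > 4.0:
            reasons.append(f"high-entropy segment ({len(seg)} chars)")
            break
    for key in parse_qs(parsed.query, keep_blank_values=True):
        if SECRET_KEY_RE.search(key):
            reasons.append(f"secret-like query parameter '{key}'")
    return reasons


def hardened_policy(url: str) -> str:
    """Keep the allowlist, but return 'ask' when the URL looks like a payload."""
    decision = weak_policy(url)
    if decision == "auto" and payload_indicators(url):
        return "ask"
    return decision


def audit_fetch_log(lines: list[str]) -> list[tuple[int, str, list[str]]]:
    """Retrospective check over tool-call log lines of the form '... url=<url>'.
    Returns (line number, url, reasons) for fetches that the weak policy let
    through silently but that carry payload indicators."""
    flagged = []
    for i, line in enumerate(lines, start=1):
        m = re.search(r"url=(\S+)", line)
        if not m:
            continue
        url = m.group(1)
        reasons = payload_indicators(url)
        if weak_policy(url) == "auto" and reasons:
            flagged.append((i, url, reasons))
    return flagged


# Constructed sample data: a benign model-file URL and a URL whose query
# carries a base64 blob (bytes 0..47 here, standing in for exfiltrated data).
BENIGN_URL = "https://huggingface.co/datasets/squad/resolve/main/README.md"
SAMPLE_BLOB = base64.b64encode(bytes(range(48))).decode()
SUSPICIOUS_URL = f"https://huggingface.co/api/models/lookup?q={SAMPLE_BLOB}"
SAMPLE_LOG = [  # constructed log lines, not Claude Code's real log format
    f"2026-06-17T20:00:01Z tool=WebFetch url={BENIGN_URL}",
    f"2026-06-17T20:00:02Z tool=WebFetch url={SUSPICIOUS_URL}",
    "2026-06-17T20:00:03Z tool=WebFetch url=https://example.com/docs?env=prod",
]

if __name__ == "__main__":
    for u in (BENIGN_URL, SUSPICIOUS_URL):
        print(weak_policy(u), hardened_policy(u), u[:60])
    for n, u, why in audit_fetch_log(SAMPLE_LOG):
        print(f"line {n}: {why}")
```

The benign dataset URL passes both policies, while the URL with a 64-character high-entropy query value is auto-approved by the host-only check but sent back to the user by the hardened one; the audit flags only line 2, because the example.com request on line 3 was never silently approved in the first place. The heuristics err on the side of asking rather than blocking, which is the appropriate failure mode for a tool that is otherwise acting without confirmation.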
Solution / Mitigation
Users on standard Claude Code auto-update have received this fix already; users performing manual updates are advised to update to the latest version.
Vulnerability Details
EPSS: 0.0%
June 17, 2026
Original source: https://github.com/advisories/GHSA-fg94-h982-f3mm
First tracked: June 17, 2026 at 08:00 PM