What happened

Check Point Research disclosed two issues in Claude Code (CVE-2025-59536 and CVE-2026-21852) that allow an attacker who controls files in a repository to:

1. Trigger remote code execution when Claude Code processes those files. 2. Exfiltrate API tokens stored in the project's configuration.

Simply cloning + opening a hostile repository with Claude Code attached is enough to trigger the chain.