VBS-2026-0009 | CRITICAL | CVSS 9.4 | CWE-601
A reported multi-step chain combined URL-based hidden prompt injection, redirect trust abuse, and an allowed upload/exfil path to extract Claude chat history in default-session workflows.
Treat URL-prefill content as untrusted input, block or sign redirect targets, and require explicit high-friction consent for assistant-initiated uploads or exfil-prone actions.
How do I check whether my app (chat prefill URLs, redirect handlers) is affected by the Claude "Claudy Day" chain: URL prompt injection + open redirect + chat exfiltration?
A reported multi-step chain combined URL-based hidden prompt injection, redirect trust abuse, and an allowed upload/exfil path to extract Claude chat history in default-session workflows. Search your codebase for chat prefill URLs, redirect handlers and assistant file upload flows, and verify that the remediation has been applied to each. This is rated CVSS 9.4: treat it as a live incident if your app is already in production.
Why does Claude generate code with CWE-601 (critical severity)?
A reported multi-step chain combined URL-based hidden prompt injection, redirect trust abuse, and an allowed upload/exfil path to extract Claude chat history in default-session workflows.
How do I fix the Claude "Claudy Day" chain: URL prompt injection + open redirect + chat exfiltration?
Treat URL-prefill content as untrusted input, block or sign redirect targets, and require explicit high-friction consent for assistant-initiated uploads or exfil-prone actions.
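The three remediation steps above, as an added example that is not part of the advisory or of any Claude code: prefill text arriving in a URL is stripped of hidden characters and handed to the composer as a draft the user must review and send, redirect targets are both allowlisted and HMAC-signed so the handler only follows targets the server itself issued, and assistant-initiated uploads are released only by a single-use confirmation the user types. The host allowlist, signing key, `/redirect` route and the "UPLOAD" confirmation word are assumptions constructed for the example.

```python
"""Hardening helpers for the three links of the reported chain (added example,
not the advisory's code): URL prefill treated as untrusted data, redirect
targets allowlisted and HMAC-signed, and assistant-initiated uploads gated
behind an explicit, single-use user confirmation."""
import hashlib
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed deployment values (constructed for this example, not real settings).
ALLOWED_REDIRECT_HOSTS = {"app.example.com", "docs.example.com"}
REDIRECT_SIGNING_KEY = b"rotate-me-example-key"
MAX_PREFILL_CHARS = 2000

# Control characters plus zero-width / bidi characters, a common way to hide
# injected instructions inside text that looks harmless in the input box.
_HIDDEN_CHARS = re.compile(
    r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\u200b-\u200f\u2028-\u202e\u2060\ufeff]"
)


def sanitize_prefill(raw: str) -> dict:
    """Return URL prefill as *data* for the composer, never as an instruction.

    The text is length-capped, stripped of hidden characters, and flagged
    auto_send=False so the UI shows it for the user to review and send
    instead of submitting it to the assistant on page load.
    """
    cleaned = _HIDDEN_CHARS.sub("", raw)[:MAX_PREFILL_CHARS]
    return {"role": "user_draft", "auto_send": False, "text": cleaned}


def is_allowed_redirect(url: str) -> bool:
    """Allowlist check applied to every redirect target, signed or not."""
    p = urlparse(url)
    if p.scheme != "https":
        return False
    # Reject userinfo and backslashes: "https://evil.example\\@app.example.com"
    # yields hostname app.example.com here, but a browser may treat the
    # backslash as a slash and navigate to evil.example instead.
    if "@" in p.netloc or "\\" in p.netloc:
        return False
    return (p.hostname or "").lower() in ALLOWED_REDIRECT_HOSTS


def _redirect_mac(target: str) -> str:
    return hmac.new(REDIRECT_SIGNING_KEY, target.encode(), hashlib.sha256).hexdigest()


def sign_redirect(target: str) -> str:
    """Server-side only: build a redirect link the handler will later accept."""
    if not is_allowed_redirect(target):
        raise ValueError("refusing to sign a non-allowlisted target")
    return "/redirect?" + urlencode({"to": target, "sig": _redirect_mac(target)})


def resolve_redirect(query_string: str, fallback: str = "https://app.example.com/") -> str:
    """Redirect handler: return the Location to send, or the safe fallback.

    A missing or tampered signature, or a target that left the allowlist after
    it was signed, both fall back to the application's own origin.
    """
    q = parse_qs(query_string)
    target = q.get("to", [""])[0]
    sig = q.get("sig", [""])[0]
    if not target or not sig:
        return fallback
    if not hmac.compare_digest(sig, _redirect_mac(target)):
        return fallback
    if not is_allowed_redirect(target):
        return fallback
    return target


class UploadConsentGate:
    """Assistant-initiated uploads need a fresh, single-use user confirmation."""

    def __init__(self) -> None:
        self._pending = {}  # token -> (destination, description)

    def request(self, destination: str, description: str) -> str:
        """Called when the assistant asks to upload; the UI shows both values."""
        token = secrets.token_urlsafe(16)
        self._pending[token] = (destination, description)
        return token

    def confirm(self, token: str, user_typed: str):
        """Release the upload only if the user typed the confirmation word.

        The token is consumed on the first attempt either way, so a wrong or
        scripted answer cannot be retried against the same request.
        """
        entry = self._pending.pop(token, None)
        if entry is None or user_typed.strip().upper() != "UPLOAD":
            return None
        return entry

    def pending_count(self) -> int:
        return len(self._pending)
```

`sign_redirect` runs only where the server composes links; the handler never trusts a bare `to=` parameter, and `is_allowed_redirect` is re-checked after the signature so a host removed from the allowlist cannot be reached through an old signed link.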
What can an attacker do if my app contains VBS-2026-0009?
With a CVSS score of 9.4 (critical), an attacker can likely gain complete control of your data or infrastructure.