VBS-2026-0012 | CRITICAL | CVSS 9.3 | CWE-200

Claude Code project-load pre-trust exfiltration (CVE-2026-21852)

Project load flow could permit malicious repositories to exfiltrate sensitive data, including API keys, before trust confirmation in affected versions.

Published: 2026-01-21
Discovered By: Anthropic advisory
CVSS Score: 9.3 / 10
Affected AI Platforms: Claude Code
Affected Tech Stack: Repo-as-input, Pre-consent network egress
Remediation: Upgrade to patched versions and enforce pre-trust egress denial as a hard policy.

#claude-code #credential-exfiltration #pre-trust #repo-as-input #cve
FAQ
Q

How do I check whether my app, which takes repositories as input and allows network egress before consent, is affected by the Claude Code project-load pre-trust exfiltration (CVE-2026-21852)?

A

In affected versions, the project load flow could permit malicious repositories to exfiltrate sensitive data, including API keys, before trust confirmation. Confirm which Claude Code version you are running, then audit your codebase and workflows for the two patterns named above (repositories taken as input, and network egress permitted before the user confirms trust) and verify that the remediation has been applied. This issue is rated CVSS 9.3; treat it as a live incident if your app is already in production.

Q

Why is this Claude Code issue classified as CWE-200 (critical severity)?

A

CWE-200 covers exposure of sensitive information to an unauthorized actor. In affected versions, the project load flow could permit malicious repositories to exfiltrate sensitive data, including API keys, before trust confirmation, which is exactly that exposure.

Q

How do I fix the Claude Code project-load pre-trust exfiltration (CVE-2026-21852)?

A

Upgrade to patched versions and enforce pre-trust egress denial as a hard policy.

Q

What is CVE-2026-21852 and how does it affect Claude Code projects?

A

CVE-2026-21852 is a critical severity CVE with a CVSS score of 9.3, affecting Claude Code. In affected versions, the project load flow could permit malicious repositories to exfiltrate sensitive data, including API keys, before trust confirmation.