LayerX reports vulnerability in Claude Desktop Extensions, Anthropic declines to fix

The Register reports that LayerX, a security firm, has identified a "zero-click" remote code execution vulnerability in Claude Desktop Extensions, now known as MCP Bundles. The flaw, which LayerX says deserves a CVSS score of 10/10, can be triggered when Claude processes a specially crafted Google Calendar entry.

The vulnerability arises from how Claude Desktop Extensions process external data and interact with installed MCP connectors. According to LayerX, extensions do not run in a truly sandboxed environment and have full host system privileges. By sending a Google Calendar invitation containing malicious instructions, an attacker can trick Claude into downloading, compiling, and executing harmful code. This works because Claude processes data from public connectors such as Google Calendar and autonomously decides which installed MCP connectors to use. If an extension with command-line access is installed, it can be triggered by data from a seemingly low-risk source, leading to remote code execution without any user interaction.

Anthropic has stated that this vulnerability falls outside its current threat model. The company views the MCP integration as a local development tool in which users are responsible for the security configuration of the extensions they install and the permissions they grant.
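
The chain described above, in which content from a low-risk connector steers a connector with command-line access, can be stopped at the tool-call boundary by tracking where the data in the model's context came from. The Python below is an added example, not code from LayerX, Anthropic or The Register; the connector names, trust labels and `Session` class are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical connector inventory (constructed). A real deployment would derive
# these labels from its own review of each installed connector.
UNTRUSTED_SOURCES = {"calendar.list_events", "mail.read"}  # return third-party-authored text
PRIVILEGED_SINKS = {"shell.run", "fs.write"}               # act with host privileges


@dataclass
class Session:
    # Untrusted tools whose output is currently in the model's context.
    tainted_by: list = field(default_factory=list)

    def record_result(self, tool):
        """Call after a tool returns; taints the context if the source is untrusted."""
        if tool in UNTRUSTED_SOURCES and tool not in self.tainted_by:
            self.tainted_by.append(tool)

    def authorize(self, tool, user_confirmed=False):
        """Decide whether a tool call requested by the model may proceed."""
        if tool not in PRIVILEGED_SINKS:
            return ("allow", "non-privileged tool")
        if not self.tainted_by:
            return ("allow", "no untrusted data in context")
        sources = ", ".join(self.tainted_by)
        if user_confirmed:
            return ("allow", "user confirmed despite untrusted input from: " + sources)
        return ("deny", "privileged call after untrusted input from: " + sources)


def replay(trace):
    """Run (tool, user_confirmed) requests through the gate; return the decisions."""
    session, decisions = Session(), []
    for tool, confirmed in trace:
        verdict, reason = session.authorize(tool, confirmed)
        decisions.append((tool, verdict, reason))
        if verdict == "allow":
            session.record_result(tool)  # the tool ran, so its output enters the context
    return decisions


# Constructed trace matching the reported chain: a calendar read followed by a
# model-initiated command-line call with no user in the loop.
SAMPLE_TRACE = [("calendar.list_events", False), ("shell.run", False)]

if __name__ == "__main__":
    for row in replay(SAMPLE_TRACE):
        print(row)
```

The gate leaves a command-line call alone when nothing untrusted has entered the session, so the restriction applies only to the cross-connector path the report describes.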

Source: The Register