The Register reports that LayerX, a security firm, has identified a "zero-click" remote code execution vulnerability within Claude Desktop Extensions, now known as MCP Bundles. This flaw, which LayerX says deserves a CVSS score of 10/10, can be exploited by processing a specially crafted Google Calendar entry.

The vulnerability arises from how Claude Desktop Extensions process external data and interact with installed MCP connectors. According to LayerX, extensions do not run in a truly sandboxed environment and possess full host system privileges. By sending a Google Calendar invitation containing malicious instructions, a user can trick Claude into downloading, compiling, and executing harmful code. This occurs because Claude processes data from public connectors like Google Calendar and autonomously decides which installed MCP connectors to use. If an extension with command-line access is present, it can be triggered by data from a seemingly low-risk source, leading to remote code execution without any user interaction.

Anthropic has stated that this vulnerability falls outside their current threat model, viewing the MCP integration as a local development tool where users are responsible for the security configurations of installed extensions and their granted permissions.

Source: The Register
AI/ML, Vulnerability Management
LayerX reports vulnerability in Claude Desktop Extensions, Anthropic declines to fix




