HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2026-44467

CVSS 7.4v4.0pub. 2026-05-13upd. 2026-06-02

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's presented host key against the stored key. This allowed a network-positioned attacker to present an arbitrary SSH host key and have the connection silently accepted, enabling a man-in-the-middle attack on remote development sessions. Successful exploitation required the attacker to be in a network position to intercept SSH traffic (e.g., via ARP spoofing, rogue Wi-Fi, or DNS poisoning) and the target hostname to already have an entry in the victim's known_hosts file. This vulnerability is fixed in 1.4304.0.

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Anthropic Claude Desktop

    APP
    Anthropic
    1.2581.0 – 1.4304.0 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-44470HIGH8.5ten sam produkt

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions si...

CVE-2026-55607HIGH7.7ten sam vendor

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed cre...

CVE-2026-40068HIGH7.7ten sam vendor

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree c...

CVE-2026-39861HIGH7.7ten sam vendor

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxe...

CVE-2026-33068HIGH7.7ten sam vendor

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings fil...

CVE-2026-44467 β€” Anthropic β€” Claude Desktop β€” HIGH β€” CVSS 7.4 | CVEbaza.pl