Claude Code – Indirect Prompt Injection and WebFetch Data Exfiltration (CVE-2026-54316)
Scope: Anthropic Claude Code Developer Tool, All Vulnerable Versions
Severity: High
A data exfiltration vulnerability in the WebFetch component of Claude Code allows remote attackers to silently steal sensitive developer data by injecting malicious instructions into files, source repositories, or web content processed by the tool. Once Claude Code parses the attacker-controlled text during a standard development session, the injected instructions execute without additional user approval or elevated privileges, bypassing the normal WebFetch approval pop-ups by way of trusted domains. This enables the stealthy exfiltration of source code, environment variables, API keys, and terminal command outputs directly to external attacker servers.
Organizations must update Claude Code to the latest secure version immediately, advise development teams to exercise extreme caution when running Claude Code against untrusted third-party repositories or unverified web content, and implement outbound network monitoring to detect unauthorized data transfers from developer workstations.
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the Claude Code CVE-2026-54316 Record and apply the necessary updates.
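One way to start on the outbound network monitoring recommended above, as an added example that is not part of the advisory or of Anthropic's tooling: a scan of egress-proxy logs for requests whose URL carries a long, high-entropy token, whatever the destination domain. The log layout, host names, sample values and thresholds are all constructed assumptions, as is the premise that the data travels in the URL.

```python
import math
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample values, not real data.
B64_BLOB = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"  # stand-in for encoded data
HEX_DIGEST = "0123456789abcdef" * 4  # stand-in for a benign 64-char hex digest

# Constructed egress-proxy log; assumed layout: timestamp workstation process method url
SAMPLE_LOG = f"""\
2026-01-10T09:14:02Z dev-ws-07 node GET https://docs.example.com/api/reference?page=2
2026-01-10T09:14:40Z dev-ws-07 node GET https://cdn.example.net/render?u={B64_BLOB}
2026-01-10T09:15:11Z dev-ws-12 node GET https://registry.example.org/blobs/{HEX_DIGEST}
2026-01-10T09:16:03Z dev-ws-12 node GET https://registry.example.org/pkg/sample-pkg?version=1.3.0
"""

def shannon_entropy(s):
    """Bits per character of s, computed from its character frequencies."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def flag_suspicious(log_text, min_len=40, min_entropy=4.5):
    """Return (workstation, domain, token_length, entropy) for suspicious requests.

    The destination domain is deliberately not consulted: the advisory says
    trusted domains are involved, so a domain allow-list alone is not enough.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, host, _proc, _method, url = fields
        parts = urlsplit(url)
        # Inspect both query-string values and path segments.
        tokens = [v for _k, v in parse_qsl(parts.query)] + parts.path.split("/")
        for tok in tokens:
            if len(tok) >= min_len and shannon_entropy(tok) >= min_entropy:
                hits.append((host, parts.hostname, len(tok), shannon_entropy(tok)))
    return hits

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOG):
        print(hit)
```

Hex strings never exceed 4.0 bits per character, so the 4.5 threshold keeps digests and commit ids out of the alerts; the cost is that hex-encoded data is not flagged and needs a separate length or volume rule.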