MEDIUM
anthropics
CVE published 2026-06-23
CVE-2026-54316
CVE-2026-54316 is a medium-severity vulnerability in Claude Code, an agentic coding tool, affecting versions from 0.2.54 to 2.1.163. The issue arises from the pre-approval of the hostname 'huggingface.co' for the WebFetch tool, enabling an attacker to inject untrusted content and direct the tool to issue requests against attacker-controlled repository files. This could create a covert out-of-band channel [truncated]