MIIT Issues Risk Alert: Claude Code Identified with Security Backdoor Risks, Posing Serious Threats
12 hour ago / Read about 0 minute
Author:小编   

The Network Security Threat and Vulnerability Information Sharing Platform (NVDB), operating under the aegis of the Ministry of Industry and Information Technology (MIIT), has uncovered significant security backdoor vulnerabilities in Claude Code, an AI programming tool developed by the U.S.-based company Anthropic. Specifically, versions ranging from 2.1.91 to 2.1.196 of this software incorporate embedded monitoring functionalities. These functionalities are capable of covertly transmitting sensitive user data, including geographical location and identity markers, to a remote server without obtaining explicit user consent. Such actions constitute a substantial security risk. In light of these findings, the NVDB advises all pertinent organizations and individual users to promptly initiate thorough investigations. It further urges the immediate uninstallation or upgrading of the affected software versions, along with the implementation of enhanced permission controls and rigorous traffic monitoring measures to mitigate the potential for sensitive data breaches.