The Claude Code CVE That Should Change How You Review AI-Generated Code

Last month, Check Point Research published details on two critical vulnerabilities in Claude Code - the same tool many of us use daily to ship features faster than ever. One of them, CVE-2025-59536 (CVSS 8.7) , allowed remote code execution the moment you ran claude in a cloned repository. Not after you accepted a prompt. Not after you ran any code. The instant you launched the tool. The other, CVE-2026-21852 (CVSS 5.3) , silently redirected your API traffic - including your full authorization header - to an attacker-controlled server before you ever saw a trust dialog. Both are patched now. But the real story isn't the CVEs themselves. It's what they reveal about the new threat model we've all quietly adopted without a security review of our own. How the Attacks Actually Worked CVE-2025-59536 exploited Claude Code's hook system and MCP server configuration. A malicious .claude/settings.json file, checked into a repository, could define pre-execution hooks that fired before Claude Code