Claude Desktop Extensions - Critical Zero-Click RCE
A newly disclosed critical zero-click remote code execution (RCE) vulnerability (CVSS 10.0) in Claude Desktop Extensions allows attackers to execute arbitrary code on affected systems without user interaction. Since extensions operate autonomously and execute local commands, exploitation could result in full endpoint compromise, ransomware deployment, and data exfiltration.
At the core, the issue appears to be how Claude processes input originating from public-facing calendar connectors. Anthropic (Claude) has acknowledged the issue but has not released a patch.
Organizations using Claude Desktop with extensions enabled should take immediate action:
Remove the Microsoft 365 connector integration until the issue is remediated
Make sure Claude is connected only to data sources that you trust fully
If opting to use connectors, do not utilize Claude to interact with communications or invites without verifying the sender and contents
Additional details:
https://cyberpress.org/claude-desktop-extensions-zero-click-rce-flaw/
Best regards,
— Your HalcyonFT Team