MIIT Issues a Risk Alert on Security Backdoor Vulnerabilities in the AI Programming Tool Claude Code

OdailyJul 8, 2026
Recently, the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology detected a serious security backdoor vulnerability in the AI programming tool Claude Code.

Claude Code is an AI programming tool developed by U.S.-based Anthropic. It can autonomously generate and debug code based on textual instructions. However, due to its built-in monitoring mechanism, it transmits users’ geographic location, identity identifiers, and other sensitive information to remote servers without user consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.

Relevant organizations and users are advised to immediately conduct comprehensive inspections. For development terminals running the affected versions listed above, uninstallation or immediate upgrade to the latest secure version—confirmed to have removed the related backdoor code—is strongly recommended. Additionally, strengthen external connectivity permission controls and traffic monitoring for development tools within core business network segments to prevent unauthorized exfiltration of sensitive data.

[Odaily]

Source
Powered by ChatGPT
All You Need to Know in 10s
Your One-Stop Crypto Investment Powerhouse

MIIT Issues a Risk Alert on Security Backdoor Vulnerabilities in the AI Programming Tool Claude Code

OdailyJul 8, 2026
Recently, the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology detected a serious security backdoor vulnerability in the AI programming tool Claude Code.

Claude Code is an AI programming tool developed by U.S.-based Anthropic. It can autonomously generate and debug code based on textual instructions. However, due to its built-in monitoring mechanism, it transmits users’ geographic location, identity identifiers, and other sensitive information to remote servers without user consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.

Relevant organizations and users are advised to immediately conduct comprehensive inspections. For development terminals running the affected versions listed above, uninstallation or immediate upgrade to the latest secure version—confirmed to have removed the related backdoor code—is strongly recommended. Additionally, strengthen external connectivity permission controls and traffic monitoring for development tools within core business network segments to prevent unauthorized exfiltration of sensitive data.

[Odaily]

Powered by ChatGPT
Scan QR Code to Explore more key information
One-stop financial research platform for Crypto Investors