Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection
Summary
The article analyzes a remote code execution vulnerability in Claude Code caused by insecure CLI flag parsing during deeplink handling. It explains how naive parsing of command-line flags allowed injection of arbitrary settings via claude-cli://open URLs and demonstrates a crafted exploit using a SessionStart hook, noting the fix in version 2.1.118 and emphasizing safer argument parsing to prevent similar injections.
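One general form of the safer argument parsing the summary refers to, as an added example that is not taken from the article or from Claude Code: a single left-to-right pass in which a token is treated as a flag only when it sits in flag position, so a value that originated in a deeplink stays data even if it looks like a flag. The option names in the table are hypothetical and the sample argv values in the comments are constructed.

```javascript
// Added example: hypothetical option table, not Claude Code's real flags.
const OPTIONS = new Map([
  ['--prompt', { takesValue: true }],
  ['--cwd', { takesValue: true }],
  ['--verbose', { takesValue: false }],
]);

// Parse argv in one pass. A token consumed as an option's value is opaque:
// it is never looked at again, whatever it looks like.
function parseArgvStrict(argv) {
  const opts = {};
  const positionals = [];
  for (let i = 0; i < argv.length; i++) {
    const tok = argv[i];
    if (tok === '--') {
      // End of options: everything after this is positional data.
      positionals.push(...argv.slice(i + 1));
      break;
    }
    if (!tok.startsWith('-')) {
      positionals.push(tok);
      continue;
    }
    const eq = tok.indexOf('=');
    const name = eq === -1 ? tok : tok.slice(0, eq);
    const spec = OPTIONS.get(name);
    // Fail closed on anything outside the table instead of ignoring it.
    if (!spec) throw new Error(`unknown option: ${name}`);
    if (name in opts) throw new Error(`duplicate option: ${name}`);
    if (!spec.takesValue) {
      if (eq !== -1) throw new Error(`${name} takes no value`);
      opts[name] = true;
    } else if (eq !== -1) {
      opts[name] = tok.slice(eq + 1);
    } else {
      if (i + 1 >= argv.length) throw new Error(`${name} needs a value`);
      opts[name] = argv[++i]; // consumed as data, never re-scanned as a flag
    }
  }
  return { opts, positionals };
}
```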