On July 8, the National Vulnerability Database (NVDB) of China’s Ministry of Industry and Information Technology (MIIT) recently detected a critical security backdoor vulnerability in the AI programming tool Claude Code.
Claude Code is an AI programming tool developed by U.S.-based Anthropic. It can autonomously generate and debug code based on textual prompts. However, due to its built-in monitoring mechanism, it transmits sensitive user information—including geographic location and identity identifiers—to remote servers without explicit user consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.Relevant organizations and users are advised to immediately conduct comprehensive security checks. For development terminals running the affected versions listed above, promptly uninstall them or upgrade to the latest secure version—confirmed to have removed the relevant backdoor code. Additionally, strengthen external connectivity permission controls and traffic monitoring for development tools within core business network segments to prevent unauthorized exfiltration of sensitive data.[BlockBeats]