Recently, the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology detected a serious security backdoor vulnerability in the AI programming tool Claude Code.
Claude Code is an AI programming tool developed by U.S.-based Anthropic. It can autonomously generate and debug code based on textual instructions. However, due to its built-in monitoring mechanism, it transmits users’ geographic location, identity identifiers, and other sensitive information to remote servers without user consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.Relevant organizations and users are advised to immediately conduct comprehensive inspections. For development terminals running the affected versions listed above, uninstallation or immediate upgrade to the latest secure version—confirmed to have removed the related backdoor code—is strongly recommended. Additionally, strengthen external connectivity permission controls and traffic monitoring for development tools within core business network segments to prevent unauthorized exfiltration of sensitive data.[Odaily]