CVE-2026-44467: CWE-297: Improper Validation of Certificate with Host Mismatch in anthropics claude-code
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's presented host key against the stored key. This allowed a network-positioned attacker to present an arbitrary SSH host key and have the connection silently accepted, enabling a man-in-the-middle attack on remote development sessions. Successful exploitation required the attacker to be in a network position to intercept SSH traffic (e.g., via ARP spoofing, rogue Wi-Fi, or DNS poisoning) and the target hostname to already have an entry in the victim's known_hosts file. This vulnerability is fixed in 1.4304.0.
AI Analysis
Technical Summary
The anthropics claude-code Desktop app's SSH remote development feature improperly validates server SSH host keys by only verifying hostname presence in ~/.ssh/known_hosts without comparing the actual host key. This allows an attacker positioned on the network path to perform man-in-the-middle attacks by presenting a rogue SSH host key that the client accepts silently. The vulnerability affects versions >=1.2581.0 and <1.4304.0 and is resolved in version 1.4304.0. The CVSS 4.0 score is 7.4 (high severity), reflecting the attack complexity and impact on confidentiality and integrity.
Potential Impact
Successful exploitation allows a network attacker to intercept and manipulate SSH remote development sessions by presenting a forged SSH host key that the client accepts without verification. This compromises the confidentiality and integrity of the remote development connection, potentially exposing sensitive code and data. The attack requires network-level access and the presence of the target hostname in the known_hosts file.
Mitigation Recommendations
Upgrade the anthropics claude-code Desktop app to version 1.4304.0 or later, where this vulnerability is fixed. Until upgrading, be aware that SSH remote development sessions may be vulnerable to man-in-the-middle attacks if an attacker can intercept network traffic and the hostname is in the known_hosts file. Patch status is confirmed fixed in 1.4304.0.
CVE-2026-44467: CWE-297: Improper Validation of Certificate with Host Mismatch in anthropics claude-code
Description
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's presented host key against the stored key. This allowed a network-positioned attacker to present an arbitrary SSH host key and have the connection silently accepted, enabling a man-in-the-middle attack on remote development sessions. Successful exploitation required the attacker to be in a network position to intercept SSH traffic (e.g., via ARP spoofing, rogue Wi-Fi, or DNS poisoning) and the target hostname to already have an entry in the victim's known_hosts file. This vulnerability is fixed in 1.4304.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The anthropics claude-code Desktop app's SSH remote development feature improperly validates server SSH host keys by only verifying hostname presence in ~/.ssh/known_hosts without comparing the actual host key. This allows an attacker positioned on the network path to perform man-in-the-middle attacks by presenting a rogue SSH host key that the client accepts silently. The vulnerability affects versions >=1.2581.0 and <1.4304.0 and is resolved in version 1.4304.0. The CVSS 4.0 score is 7.4 (high severity), reflecting the attack complexity and impact on confidentiality and integrity.
Potential Impact
Successful exploitation allows a network attacker to intercept and manipulate SSH remote development sessions by presenting a forged SSH host key that the client accepts without verification. This compromises the confidentiality and integrity of the remote development connection, potentially exposing sensitive code and data. The attack requires network-level access and the presence of the target hostname in the known_hosts file.
Mitigation Recommendations
Upgrade the anthropics claude-code Desktop app to version 1.4304.0 or later, where this vulnerability is fixed. Until upgrading, be aware that SSH remote development sessions may be vulnerable to man-in-the-middle attacks if an attacker can intercept network traffic and the hostname is in the known_hosts file. Patch status is confirmed fixed in 1.4304.0.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-06T15:49:25.193Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a04a508cbff5d8610e80450
Added to database: 5/13/2026, 4:21:28 PM
Last enriched: 5/13/2026, 4:36:33 PM
Last updated: 5/14/2026, 6:46:33 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.