Critical Vulnerabilities in Claude.ai Enable Data Theft and Malicious Redirects

Critical Vulnerabilities in Claude.ai Enable Data Theft and Malicious Redirects

First seen 18 Mar 2026, 20:14 UTC TechnaduDarkreadingGbhackersCybersecuritynews 79% similarity 69.0

Article Content

Browse articles
ThreatCluster

A series of vulnerabilities in Anthropic's Claude.ai, collectively termed 'Claudy Day', have been identified, allowing attackers to exfiltrate sensitive user data and redirect users to malicious sites. The attack chain consists of three flaws: an invisible prompt injection via URL parameters, an open redirect on claude.com, and data exfiltration through the Anthropic Files API. These vulnerabilities can be exploited without any external tools or integrations, posing a significant risk to users. Researchers from Oasis Security discovered these flaws and reported them to Anthropic, which has since patched the prompt injection vulnerability but is still addressing the other issues. The vulnerabilities can lead to unauthorized access to sensitive user conversation history, especially in enterprise settings where integrations are enabled. Security experts emphasize the need for organizations to audit their AI integrations to mitigate these risks. The attack vector allows for silent data exfiltration, making it particularly dangerous for users unaware of the risks. The situation remains critical as organizations must remain vigilant against potential exploitation.

Key Points: • Three vulnerabilities in Claude.ai allow for silent data exfiltration and malicious redirects. • The attack chain requires no external tools, functioning within default settings. • Anthropic has patched the prompt injection flaw but is still addressing other vulnerabilities.

ThreatCluster AI

Timeline

2026-03-18
Oasis Security reports vulnerabilities to Anthropic.
2026-03-18
Anthropic patches the prompt injection vulnerability.
2026-03-19
Articles published detailing the vulnerabilities and their implications.

Community

Browse all →