Vulnerability in Anthropic's Claude Cowork Allows Root Command Execution

Vulnerability in Anthropic's Claude Cowork Allows Root Command Execution

First seen 2 Jul 2026, 18:59 UTC Feeds.FeedburnerCybersecuritynews 71% similarity 51.9
Share:

Article Content

Browse articles
ThreatCluster

Security researchers at Armadin Inc. have identified an attack chain in Anthropic PBC’s Claude Cowork that allows attackers to execute arbitrary commands as root within its sandbox environment. This vulnerability exploits two weaknesses in the software for Windows, enabling local code execution to escalate privileges. The first weakness involves manipulating a resume flag to bypass user restrictions, while the second allows attackers to override network restrictions, facilitating data exfiltration. Anthropic does not classify this as a security issue, as it requires prior local code execution on the host machine. The vulnerability affects Claude Desktop for Windows version 1.9255.2.0, raising concerns about endpoint security in AI productivity tools. The attack chain has been validated by Armadin, highlighting the risks associated with non-technical user systems running local virtual machines.

Key Points: • Attack chain allows arbitrary command execution as root in Claude Cowork's sandbox. • Exploits two weaknesses: privilege escalation and network restriction bypass. • Anthropic claims the issue requires local code execution, not a direct vulnerability.

ThreatCluster AI

Timeline

2026-07-02
Attack chain disclosed
Armadin Inc. reported a vulnerability in Claude Cowork allowing root command execution and network restriction bypass.
Feeds.Feedburner
2026-07-02
Anthropic's response
Anthropic stated that the vulnerability requires prior local code execution, thus not a security issue.
Cybersecuritynews

Community

Browse all →