CVEs & advisories

9 CVEs disclosed through coordinated disclosure with Anthropic, Microsoft and AWS.

CVETitleProductDateLinks
CVE-2026-10591Zero-click RCE via prompt injection — unrestricted LLM file write in Kiro IDEAmazon Kiro IDE2026-06writeup
CVE-2026-32196One-click RCE in Windows Admin CenterMicrosoft Windows Admin Center2026-04writeup
CVE-2026-35603AI coding tools privilege escalation — one writable folder, every user compromisedAnthropic Claude Code2026-04writeupadvisory
CVE-2026-20965Tenant-wide RCE via Azure Windows Admin CenterMicrosoft Windows Admin Center2026-01writeup
CVE-2025-64669Windows Admin Center local privilege escalationMicrosoft Windows Admin Center2025-12writeup
CVE-2025-54794InversePrompt — sandbox escape in Claude CodeAnthropic Claude Code2025-08writeupadvisory
CVE-2025-54795InversePrompt — command injection in Claude CodeAnthropic Claude Code2025-08writeup
CVE-2025-53109EscapeRoute — path containment bypass in Anthropic Filesystem MCP Server@modelcontextprotocol/server-filesystem2025-07writeupadvisory
CVE-2025-53110EscapeRoute — sandbox scope bypass in Anthropic Filesystem MCP Server@modelcontextprotocol/server-filesystem2025-07writeupadvisory