9 CVEs disclosed through coordinated disclosure with Anthropic, Microsoft and AWS.
| CVE | Title | Product | Date | Links |
|---|---|---|---|---|
| CVE-2026-10591 | Zero-click RCE via prompt injection — unrestricted LLM file write in Kiro IDE | Amazon Kiro IDE | 2026-06 | writeup |
| CVE-2026-32196 | One-click RCE in Windows Admin Center | Microsoft Windows Admin Center | 2026-04 | writeup |
| CVE-2026-35603 | AI coding tools privilege escalation — one writable folder, every user compromised | Anthropic Claude Code | 2026-04 | writeupadvisory |
| CVE-2026-20965 | Tenant-wide RCE via Azure Windows Admin Center | Microsoft Windows Admin Center | 2026-01 | writeup |
| CVE-2025-64669 | Windows Admin Center local privilege escalation | Microsoft Windows Admin Center | 2025-12 | writeup |
| CVE-2025-54794 | InversePrompt — sandbox escape in Claude Code | Anthropic Claude Code | 2025-08 | writeupadvisory |
| CVE-2025-54795 | InversePrompt — command injection in Claude Code | Anthropic Claude Code | 2025-08 | writeup |
| CVE-2025-53109 | EscapeRoute — path containment bypass in Anthropic Filesystem MCP Server | @modelcontextprotocol/server-filesystem | 2025-07 | writeupadvisory |
| CVE-2025-53110 | EscapeRoute — sandbox scope bypass in Anthropic Filesystem MCP Server | @modelcontextprotocol/server-filesystem | 2025-07 | writeupadvisory |