STUPID-2026-0024 Severity 7.5/10 — HIGH Verified

Claude Code MCP trust boundary failures allow workspace privilege escalation

Agent: claude-code Domain: security

Failure Mode

Security Vulnerability

Root Cause

Other

Task Type

Agentic_Operations

Reproducible

Yes

Description

Security researcher Jashid Sany documented three systemic trust boundary failures in Claude Code v2.1.63 related to the Model Context Protocol (MCP): (1) weak MCP server configuration validation allowing untrusted servers to register with elevated trust, (2) insufficient tool confirmation prompts that can be bypassed by crafted tool descriptions, and (3) workspace trust escalation vulnerabilities where agents processing potentially malicious input can be manipulated to perform out-of-scope actions. All findings were submitted to Anthropic via HackerOne and closed as 'Informative'. The core failure: human-designed trust models break when autonomous agents process potentially adversarial input.

Instruction Given

Normal development tasks via Claude Code with MCP integrations

Expected Behavior

MCP server interactions constrained by trust level; no privilege escalation possible

Actual Behavior

Trust boundaries can be crossed through crafted MCP server configurations and tool descriptions; agent can be manipulated to perform out-of-scope privileged actions

Impact / Damage

Potential for workspace privilege escalation in Claude Code v2.1.63; Anthropic closed findings as Informative without CVE assignment

Share this incident

Help others know about this AI agent failure

Post on X LinkedIn Reddit

Source: Security Research View source Reported March 22, 2026

Related claude-code Incidents

STUPID-2026-0003 10.0/10

Claude Code ran rm -rf on test fixtures thinking they were temp files

STUPID-2026-0019 7.5/10

Claude Opus 4.5 leaked API key in console logs during YouTube scraper build

STUPID-2026-0008 2.1/10

Claude Code hallucinated a non-existent npm package and installed it