Top 5 · 2026-03-01 · source-backed
Claude Desktop Extensions CVSS 10 Zero-Click RCE — Anthropic Declined to Fix.
Story
LayerX Security disclosed a CVSS 10/10 zero-click RCE affecting 10,000+ DXT users — a single malicious Google Calendar event achieves full system compromise because DXT MCP servers run with full host privileges and no sandboxing. Critically, Anthropic stated it "falls outside our current threat model." This creates a new risk category: when upstream vendors explicitly decline to patch critical vulnerabilities, builders must implement their own trust boundaries. What to do: Audit which DXT extensions have executor access. Treat any MCP connector processing external data as a potential injection vector.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic / What happened next
DXT Zero-Click RCE: CVSS 10.0 Across 50+ Claude Desktop Extensions
Both cover Anthropic, Click RCE, CVSS, DXT; cite the same source (LayerX Security); overlapping topics (anthropic, audit, calendar, claude, connector).
Shared entities / Shared topic / What happened next / Tension
MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth
Both cover Anthropic, Audit, CVSS, MCP; overlapping topics (compromise, full); picks up the Anthropic thread on 2026-03-23.
Shared entities / Shared topic / What happened next
MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.
Both cover Anthropic, CVSS, MCP, RCE; overlapping topics (anthropic, audit, cvss); picks up the Anthropic thread on 2026-05-11.
9 of 11 MCP Registries Successfully Poisoned. Zero-Click Prompt Injection in Windsurf and Cursor.
Both cover Anthropic, Audit, MCP, Zero; overlapping topics (anthropic, audit, zero-click); picks up the Anthropic thread on 2026-05-10.
Shared entities / What happened next
The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework
Both cover Audit, CVSS, MCP, RCE; picks up the Audit thread on 2026-03-05.
Shared entities / Shared topic / Earlier coverage
Bitdefender Quantifies MCP Security Crisis: 53% Static Credentials, 8.5% OAuth
Both cover Audit, CVSS, MCP, RCE; overlapping topics (audit, builder, category); earlier Audit coverage from 2026-02-22.
Shared entities / Shared topic / What happened next
OX Security found a systemic RCE baked into Anthropic's official MCP SDKs, every language
Both cover Anthropic, MCP, RCE, Treat; overlapping topics (anthropic, builder); picks up the Anthropic thread on 2026-06-15.
Shared entities / Shared topic / Earlier coverage
MCP eval() Epidemic Reaches 30+ CVEs
Both cover Anthropic, Audit, MCP, RCE; overlapping topics (anthropic, audit); earlier Anthropic coverage from 2026-02-25.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-03-01
- AI generated
- no
- Story unit
- 2026-03-01-claude-desktop-extensions-cvss-10-zero-click-rce-anthropic-declined-to-fix
- Labels
- source-backed, canonical briefing excerpt