← The Wire

Top 5 · 2026-03-01 · source-backed

Claude Desktop Extensions CVSS 10 Zero-Click RCE — Anthropic Declined to Fix.

Confidence
source-backed
Sources
1
Redaction
passed

Story

LayerX Security disclosed a CVSS 10/10 zero-click RCE affecting 10,000+ DXT users — a single malicious Google Calendar event achieves full system compromise because DXT MCP servers run with full host privileges and no sandboxing. Critically, Anthropic stated it "falls outside our current threat model." This creates a new risk category: when upstream vendors explicitly decline to patch critical vulnerabilities, builders must implement their own trust boundaries. What to do: Audit which DXT extensions have executor access. Treat any MCP connector processing external data as a potential injection vector.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source / Shared topic / What happened next

    DXT Zero-Click RCE: CVSS 10.0 Across 50+ Claude Desktop Extensions

    Both cover Anthropic, Click RCE, CVSS, DXT; cite the same source (LayerX Security); overlapping topics (anthropic, audit, calendar, claude, connector).

  2. Shared entities / Shared topic / What happened next / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover Anthropic, Audit, CVSS, MCP; overlapping topics (compromise, full); picks up the Anthropic thread on 2026-03-23.

  3. Shared entities / Shared topic / What happened next

    MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.

    Both cover Anthropic, CVSS, MCP, RCE; overlapping topics (anthropic, audit, cvss); picks up the Anthropic thread on 2026-05-11.

  4. 9 of 11 MCP Registries Successfully Poisoned. Zero-Click Prompt Injection in Windsurf and Cursor.

    Both cover Anthropic, Audit, MCP, Zero; overlapping topics (anthropic, audit, zero-click); picks up the Anthropic thread on 2026-05-10.

  5. Shared entities / What happened next

    The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework

    Both cover Audit, CVSS, MCP, RCE; picks up the Audit thread on 2026-03-05.

  6. Shared entities / Shared topic / Earlier coverage

    Bitdefender Quantifies MCP Security Crisis: 53% Static Credentials, 8.5% OAuth

    Both cover Audit, CVSS, MCP, RCE; overlapping topics (audit, builder, category); earlier Audit coverage from 2026-02-22.

  7. Shared entities / Shared topic / What happened next

    OX Security found a systemic RCE baked into Anthropic's official MCP SDKs, every language

    Both cover Anthropic, MCP, RCE, Treat; overlapping topics (anthropic, builder); picks up the Anthropic thread on 2026-06-15.

  8. Shared entities / Shared topic / Earlier coverage

    MCP eval() Epidemic Reaches 30+ CVEs

    Both cover Anthropic, Audit, MCP, RCE; overlapping topics (anthropic, audit); earlier Anthropic coverage from 2026-02-25.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-01-claude-desktop-extensions-cvss-10-zero-click-rce-anthropic-declined-to-fix
Labels
source-backed, canonical briefing excerpt