← The Wire

Public story · 2026-03-10 · source-backed

DXT Zero-Click RCE: CVSS 10.0 Across 50+ Claude Desktop Extensions

Confidence
source-backed
Sources
2
Redaction
passed

Story

LayerX disclosed that DXT extensions run unsandboxed with full system privileges. An attacker can craft a malicious calendar event that chains a low-risk connector to a high-risk local executor — achieving full RCE without any user click. Anthropic reportedly declined to fix, saying it "falls outside our current threat model." Before installing any DXT or MCP extension, audit its permission scope. Infosecurity Magazine | LayerX

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source / Shared topic / Earlier coverage

    Claude Desktop Extensions CVSS 10 Zero-Click RCE — Anthropic Declined to Fix.

    Both cover Anthropic, Click RCE, CVSS, DXT; cite the same source (LayerX); overlapping topics (anthropic, audit, calendar, claude, connector).

  2. Shared entities / Shared topic / What happened next / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover Anthropic, CVSS, MCP, RCE; overlapping topics (chain, full); picks up the Anthropic thread on 2026-03-23.

  3. Shared entities / Shared topic / What happened next

    MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.

    Both cover Anthropic, CVSS, MCP, RCE; overlapping topics (anthropic, audit, cvss); picks up the Anthropic thread on 2026-05-11.

  4. Shared entities / Same source domain / What happened next

    AI-Generated Code CVEs Hit 35 in March. That's 6x January's Count, and the Trend Line Isn't Flattening.

    Both cover CVSS, Infosecurity Magazine, MCP; reported by the same outlet (infosecurity-magazine.com); picks up the CVSS thread on 2026-03-29.

  5. Shared entities / Shared topic / Earlier coverage

    The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework

    Both cover CVSS, MCP, RCE; overlapping topics (audit, chain); earlier CVSS coverage from 2026-03-05.

  6. MCP CVEs Hit 30 — Attack Surface Expanding to Developers

    Both cover Anthropic, MCP, RCE; overlapping topics (anthropic, audit); earlier Anthropic coverage from 2026-03-03.

  7. MCP eval() Epidemic Reaches 30+ CVEs

    Both cover Anthropic, MCP, RCE; overlapping topics (anthropic, audit); earlier Anthropic coverage from 2026-02-25.

  8. Bitdefender Quantifies MCP Security Crisis: 53% Static Credentials, 8.5% OAuth

    Both cover CVSS, MCP, RCE; overlapping topics (audit, chain); earlier CVSS coverage from 2026-02-22.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-10-dxt-zero-click-rce-cvss-10-0-across-50-claude-desktop-extensions
Labels
source-backed, canonical briefing excerpt