SB2026050755 - MitM attack in Claude Desktop




Published: May 7, 2026

Security Bulletin ID: SB2026050755
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2026-44467)

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to intercept and modify remote development sessions.

The vulnerability exists due to improper validation of certificate with host mismatch in the SSH remote development feature when establishing SSH connections to known hosts. A remote attacker can present an arbitrary SSH host key to intercept and modify remote development sessions.

Exploitation requires the attacker to be in a network position to intercept SSH traffic, and the target hostname must already have an entry in the victim's known_hosts file.
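
The check that this class of flaw omits, as an added example (not code from Claude Desktop or its vendor): once a host has a known_hosts entry, a presented key that differs from the pinned one must end the connection. The function names, hostnames and key blobs are constructed for illustration, and the fail-closed policy on any mismatch is an assumption of this example.

```python
import base64, hashlib, hmac

def _pattern_matches(pattern, token):
    if pattern.startswith("|1|"):  # hashed name: |1|base64(salt)|base64(HMAC-SHA1(salt, name))
        try:
            _, _, salt_b64, mac_b64 = pattern.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False
        digest = hmac.new(salt, token.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(digest, mac)
    return pattern == token  # wildcard and negated patterns are not handled here

def check_host_key(known_hosts_text, hostname, port, key_type, key_b64):
    """Classify a presented host key as 'match', 'mismatch', 'revoked' or 'unknown'."""
    # known_hosts records a non-default port as "[host]:port"
    token = hostname if port == 22 else f"[{hostname}]:{port}"
    presented = base64.b64decode(key_b64)
    host_seen = matched = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if marker == "@cert-authority" or len(fields) < 3:
            continue  # CA-signed host certificates are out of scope for this example
        hosts, entry_type, entry_b64 = fields[:3]
        if not any(_pattern_matches(p, token) for p in hosts.split(",")):
            continue
        same_key = entry_type == key_type and hmac.compare_digest(
            base64.b64decode(entry_b64), presented)
        if marker == "@revoked":
            if same_key:
                return "revoked"
            continue
        host_seen, matched = True, matched or same_key
    if matched:
        return "match"
    # Fail closed: the host is already known but the presented key is not its pinned key
    return "mismatch" if host_seen else "unknown"

# Constructed sample data: stand-in key blobs (not real SSH keys) and a known_hosts file
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
_SALT = b"constructed-salt"
_MAC = hmac.new(_SALT, b"[build.example]:2222", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(_SALT).decode(), base64.b64encode(_MAC).decode())
SAMPLE = f"dev.example,192.0.2.10 ssh-ed25519 {KEY_A}\n{HASHED} ssh-ed25519 {KEY_B} hashed\n"
```

A client should proceed only on 'match'; 'mismatch' and 'revoked' abort the session, and 'unknown' is a separate trust-on-first-use decision.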


Remediation

Install the update from the vendor's website.