CVE-2026-7574: Anthropic Python — HIGH

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

Full CISO analysis pending enrichment.

What systems are affected?

Package	Ecosystem	Vulnerable Range	Patched
Anthropic Python	pip	—	No patch
3.7K 5.4K dependents Pushed 5d ago 90% patched ~1d to patch Full package profile →

Do you use Anthropic Python? You're affected.

How severe is it?

CVSS 3.1

8.7 / 10

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

N/A

What is the attack surface?

AV Local

AC Low

PR Low

UI None

S Changed

C High

I High

A Low

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-7574?

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories. The estimated CWE mapping is CWE-353 (Missing Support for Integrity Check).

Is CVE-2026-7574 actively exploited?

No confirmed active exploitation of CVE-2026-7574 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-7574?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-7574?

CVE-2026-7574 has a CVSS v3.1 base score of 8.7 (HIGH).

What are the technical details?

Original Advisory

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories. The estimated CWE mapping is CWE-353 (Missing Support for Integrity Check).

Weaknesses (CWE)

CWE-353 Missing Support for Integrity Check CWE-353 Missing Support for Integrity Check

CWE-353 — Missing Support for Integrity Check: The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

[Architecture and Design] Add an appropriately sized checksum to the protocol, ensuring that data received may be simply validated before it is parsed and used.
[Implementation] Ensure that the checksums present in the protocol design are properly implemented and added to each message before it is sent.

Source: MITRE CWE corpus.