Claude Code exposes deeplink-based remote command execution
According to reporting indexed by itsecuritynews.info from GBHackers Security, security researcher Joernchen disclosed a vulnerability in Anthropic's Claude Code CLI that allowed execution of arbitrary system commands via a single crafted deeplink URL. Researcher writeups reported by 0day.click and diginews.johandenoyer.fr describe the flaw as stemming from insecure CLI flag parsing during deeplink handling. It was fixed in Claude Code version 2.1.118, per the itsecuritynews.info article. Public coverage highlights how convenience features that invoke local CLIs can become remote code execution vectors when parsing and validation are incomplete.
What happened
According to itsecuritynews.info, which indexed reporting from GBHackers Security, security researcher Joernchen documented a vulnerability in Anthropic's Claude Code CLI that allowed arbitrary system commands to be executed using a single crafted deeplink URL. The vulnerability was reported fixed in Claude Code version 2.1.118, per the same itsecuritynews.info article. Additional writeups summarized on 0day.click and diginews.johandenoyer.fr describe the same issue and the exploit technique.
Technical details
Reporting by 0day.click and diginews.johandenoyer.fr attributes the root cause to insecure CLI flag parsing in the deeplink handler, which allowed injected command fragments to be interpreted as executable flags or commands by the local shell. The researcher demonstrated that a carefully crafted deeplink could pass through developer-configured convenience plumbing and result in remote code execution on the host running the CLI.
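The flag-parsing failure class described above, as an added example that is not taken from the researcher's writeup or from Anthropic's code: a deeplink handler that builds the CLI argument list naively, next to one that validates the URL and keeps untrusted values out of option position. The `exampletool` scheme and binary, the `open` action and the `--workdir` flag are hypothetical, and the CLI is assumed to honor the POSIX `--` end-of-options marker.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical names: "exampletool", the "open" action and --workdir are
# placeholders, not Claude Code's real scheme or flags.
SCHEME, BINARY, ACTIONS = "exampletool", "exampletool", {"open"}
ALLOWED_PARAMS = {"prompt", "workdir"}


class RejectedDeeplink(ValueError):
    """Raised when a deeplink fails validation; the handler must not launch."""


def naive_argv(url: str) -> list[str]:
    # Flawed pattern: every URL value lands where the CLI still parses options,
    # so a value that begins with "-" is read as a flag.
    query = parse_qs(urlsplit(url).query)
    return [BINARY] + [v for values in query.values() for v in values]


def safe_argv(url: str) -> list[str]:
    parts = urlsplit(url)
    if parts.scheme != SCHEME or parts.netloc not in ACTIONS:
        raise RejectedDeeplink("unexpected scheme or action")
    query = parse_qs(parts.query, keep_blank_values=True)
    if set(query) - ALLOWED_PARAMS:
        raise RejectedDeeplink("unknown parameter")
    for name, values in query.items():
        if len(values) != 1:
            raise RejectedDeeplink(f"{name} given more than once")
        if any(ord(c) < 32 or ord(c) == 127 for c in values[0]):
            raise RejectedDeeplink(f"control character in {name}")
    if "prompt" not in query:
        raise RejectedDeeplink("prompt is required")
    argv = [BINARY]
    if "workdir" in query:
        # --flag=value keeps the value inside one token chosen by the handler.
        argv.append(f"--workdir={query['workdir'][0]}")
    # Assumes the CLI honors "--": everything after it is positional.
    argv += ["--", query["prompt"][0]]
    return argv  # pass to subprocess.run(argv) as a list, never via a shell


# Constructed sample deeplinks.
BENIGN = "exampletool://open?workdir=/srv/project&prompt=summarize%20README"
FLAG_LIKE = "exampletool://open?prompt=--config%3D/tmp/constructed.conf"

if __name__ == "__main__":
    for link in (BENIGN, FLAG_LIKE):
        print(naive_argv(link), safe_argv(link), sep="\n")
```

In the naive form the constructed flag-like value appears directly after the binary name, where an option parser would consume it; in the validated form it can only appear after `--`.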
Industry context
Editorial analysis: Developer tooling that exposes deeplink or URL handlers and then forwards input into local command interpreters often increases attack surface if parsing and sanitization are insufficient. Similar classes of bugs have produced RCEs in other ecosystems when user-controlled strings reach shell-invocation paths.
For practitioners
Editorial analysis: Security teams should treat deeplink handlers and CLI wrappers as part of the trusted computing base and include them in threat models, code review checklists, and fuzzing targets. Observability on CLI invocation paths and limiting the privileges of processes handling deeplinks reduce blast radius even when parsing bugs exist.
What to watch
Confirm deployment of Claude Code version 2.1.118 in environments where the CLI is reachable from untrusted sources. Watch for follow-up writeups or CVE assignments from mainstream vulnerability trackers and for any related advisories from package repositories or OS vendors.
Scoring Rationale
This is a notable RCE in a widely used AI developer tool that matters to practitioners who run or audit CLI tooling. The issue is patched, reducing immediate risk, but it exemplifies a recurring class of tooling vulnerabilities relevant to secure AI development.