Tag

Desktop Extensions

All articles tagged with #desktop extensions

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users
cyber-security | 3 hours ago

Security researchers at LayerX revealed a zero-click remote code execution flaw in Claude Desktop Extensions (DXT) that leverages the Model Context Protocol (MCP) to chain untrusted data from Google Calendar into a privileged local executor. An attacker can trigger the payload via a malicious calendar event with no user interaction, potentially compromising the host with the user’s privileges. The issue affects over 10,000 active Claude users and more than 50 DXT extensions; Anthropic has reportedly not fixed it yet, citing the architecture of MCP autonomy. Mitigations include disconnecting high-privilege local extensions from untrusted data sources and awaiting a patch or architectural changes to MCP. The finding serves as a warning about the security risks of AI agents autonomously bridging data to local systems.