# CVE

- [The CLAUDE.md Trap: How a New Supply-Chain Attack Targets Agentic Developers](https://sdd.sh/2026/04/the-claude.md-trap-how-a-new-supply-chain-attack-targets-agentic-developers.md): A patched vulnerability in Claude Code (CVE-2026-21852) reveals an entirely new attack surface: poisoned project config files that silently bypass your deny rules and exfiltrate credentials. Here's what happened, how the exploit works, and what it means for agentic security.