Share
## https://sploitus.com/exploit?id=0AE8E76C-CF25-54D7-B820-018A4B6FC60D
# ๐จ CVE-2026-7574 โ Claude Desktop Cowork VM Integrity Bypass
### Anthropic Claude Desktop Cowork VM Image Integrity Bypass
### ๐ฅ Local Persistence Through VM Image Tampering
*An integrity validation weakness allowing modification of the Claude Desktop Cowork VM filesystem image (`rootfs.img`), enabling persistent code execution inside the VM environment.*
---
## ๐ Overview
**CVE-2026-7574** is a high-severity vulnerability affecting **Anthropic Claude Desktop Cowork**.
The issue arises because the application validates only the existence and version metadata of the virtual machine filesystem image (`rootfs.img`) before booting the VM. The image contents themselves are not cryptographically verified.
This allows an attacker with local access to replace or modify the VM image and maintain persistent execution capabilities inside the Cowork virtual machine.
---
## ๐ฏ Affected Products
| Product | Status |
|----------|---------|
| Claude Desktop Cowork | Vulnerable |
| macOS Deployments | Affected |
| Linux Deployments | Not Confirmed |
| Windows Deployments | Not Confirmed |
### Affected Versions
```text
v1.1348.0 โ v1.2278.0
```
---
## โก Vulnerability Details
| Field | Value |
|---------|---------|
| CVE | CVE-2026-7574 |
| Severity | High |
| CVSS Score | 8.7 |
| CWE | CWE-353 |
| Attack Vector | Local |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Exploitation | Post-Compromise |
---
## ๐ง Root Cause
The application performs:
```text
โ File Exists
โ Version Matches
โ Integrity Validation
โ Cryptographic Signature Verification
โ Secure Hash Validation
```
As a result, a modified VM filesystem image is trusted during subsequent launches.
---
## ๐ Attack Flow
```text
โโโโโโโโโโโโโโโโโโโโโโโโ
โ Local User Access โ
โโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโ
โ Modify rootfs.img โ
โโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโ
โ Claude Starts VM โ
โโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโ
โ Malicious Image โ
โ Trusted & Executed โ
โโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโ
โ Persistent Access โ
โ Inside Cowork VM โ
โโโโโโโโโโโโโโโโโโโโโโโโ
```
---
## ๐ฅ Potential Impact
### Persistence
Attackers can maintain code execution across VM restarts.
### Data Exposure
Access to directories mounted between the host and VM.
### Post-Compromise Activity
Useful for maintaining footholds after initial compromise.
### VM Manipulation
Modified environments may execute attacker-controlled services and scripts.
---
## ๐ Proof-of-Concept Logic
> Educational representation only.
```bash
# Locate VM image
rootfs.img
# Modify filesystem image
# Replace startup scripts
# Restart Claude Desktop Cowork
# Modified image executes automatically
```
---
## ๐ก Detection
### Indicators of Compromise
- Unexpected modification time of `rootfs.img`
- Unauthorized VM image replacements
- Unknown startup scripts inside the VM
- Persistence surviving application reinstalls
- Unexpected processes within the Cowork VM
---
## ๐ Mitigation
### Immediate Actions
- Restrict local access.
- Monitor VM image integrity.
- Implement filesystem auditing.
- Review VM startup configurations.
- Recreate suspicious VM images.
### Vendor Recommendation
Implement:
```text
SHA-256 Validation
Cryptographic Signatures
Secure Boot Verification
Image Trust Chains
Runtime Integrity Checks
```
---
## ๐
Timeline
| Event | Date |
|---------|---------|
| CVE Reserved | 2026-05-01 |
| Public Disclosure | 2026-06-24 |
| CVE Published | 2026-06-24 |
---
## ๐ท Classification
```text
CWE-353
Missing Support for Integrity Check
```
---
## ๐ References
- Public CVE Advisory
- Vendor Security Bulletin
- CWE-353 Documentation
---
## โ Disclaimer
This repository is intended for:
- Security Research
- Vulnerability Awareness
- Defensive Security Education
- Incident Response Preparation
Do not use this information to attack systems without explicit authorization.
---
### ๐ด CVE-2026-7574
### Claude Desktop Cowork VM Integrity Bypass
**Persistence Through Trust Without Verification**