Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
- Posted on March 26, 2026
- By The Hacker News
- 5 Views
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fix.
