Claude Desktop extensions allow zero-click RCE via Google Calendar

Feb 2026

LayerX Labs discovered a zero-click remote code execution vulnerability in Claude Desktop Extensions, rated CVSS 10/10. A malicious prompt embedded in a Google Calendar event could trigger arbitrary code execution on the host machine when Claude processes the event data. The attack exploited the gap between a "low-risk" connector and a local MCP server with full code-execution capabilities and no sandboxing. Anthropic declined to fix it, stating it "falls outside our current threat model."
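
One way to close the gap described above, shown as an added example that is not code from LayerX, Anthropic or Claude Desktop: a dispatcher gate that taints the session once third-party connector output enters the model context and refuses host-privileged tool calls from that session unless the user confirms. The capability labels, class names and tool names are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical labels for illustration; not the MCP or Claude Desktop schema.
UNTRUSTED_SOURCES = {"calendar", "email", "web"}  # connectors that return third-party text
HIGH_PRIVILEGE = {"exec", "fs_write"}             # capabilities that reach the host


@dataclass(frozen=True)
class Tool:
    name: str
    capabilities: frozenset
    sandboxed: bool = False


@dataclass
class Session:
    tainted_by: set = field(default_factory=set)

    def ingest(self, source: str, text: str) -> str:
        """Record connector output entering the model context."""
        if source in UNTRUSTED_SOURCES:
            self.tainted_by.add(source)
        return text

    def authorize(self, tool: Tool, user_confirmed: bool = False):
        """Return (allowed, reason) for a tool call the model requested."""
        if not (tool.capabilities & HIGH_PRIVILEGE):
            return True, "low-privilege tool"
        if not self.tainted_by:
            return True, "no untrusted content in context"
        if tool.sandboxed:
            return True, "high-privilege tool is sandboxed"
        if user_confirmed:
            return True, "user confirmed the call"
        sources = ", ".join(sorted(self.tainted_by))
        return False, f"unsandboxed {tool.name} requested after untrusted input from: {sources}"


def demo():
    """Constructed scenario: a calendar read followed by a local exec request."""
    shell = Tool("local_shell", frozenset({"exec"}))     # hypothetical local extension
    session = Session()
    session.ingest("calendar", "constructed event description")
    return session.authorize(shell), session.authorize(shell, user_confirmed=True)


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY", "-", reason)
```

The point of the gate is that the risk rating belongs to the combination of data source and tool, not to the connector alone.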

Incident Details

Perpetrator: AI coding agent
Severity: Facepalm
Blast Radius: Claude Desktop users with terminal-access extensions installed; zero-click exploitation via calendar events executes with full host privileges