Claude Desktop Cowork VM Integrity Bypass (CVE-2026-7574)

Summary

CVE-2026-7574 is a local VM image integrity bypass in Anthropic Claude Desktop Cowork (versions v1.1348.0 – v1.2278.0 on macOS per indexed advisory). The application verifies only that rootfs.img exists and matches version metadata before booting the Cowork VM — it does not cryptographically validate image contents. A local attacker with low privileges can replace or tamper with rootfs.img to achieve persistent code execution inside the Cowork VM across restarts. Documented on Sploitus with CVSS 8.7.

OFFSITE.DARK cites Sploitus as index source; this is a post-compromise persistence issue, not remote pre-auth exploitation.

Technical Details

Aspect	Detail
CVE	CVE-2026-7574
Product	Claude Desktop Cowork
Affected	v1.1348.0 – v1.2278.0 (macOS confirmed in index)
CWE	CWE-353 (Missing Support for Integrity Check)
Attack vector	Local
Privileges	Low (local user)
Scope	Changed (VM boundary)

Checks performed vs missing:

✓ File exists
✓ Version metadata matches
✗ SHA-256 / signature verification
✗ Secure boot / trust chain

CVE

Field	Value
CVE	CVE-2026-7574
CVSS	8.7 High
Exploitation	Post-compromise persistence
Sploitus date	2026-06-25
Public disclosure	2026-06-24

Impact

Attackers with local foothold can maintain execution inside the Cowork VM, access host-VM shared mounts, and survive application reinstalls if the tampered image persists. Relevant to shared workstations and insider-threat scenarios rather than internet-wide scanning.

Mitigation

1. Apply Anthropic updates when vendor ships integrity verification.
2. Restrict local user access to Claude Desktop hosts handling sensitive data.
3. Monitor rootfs.img modification times and unexpected startup scripts inside the VM.
4. Recreate Cowork VM images from known-good sources after suspected tampering.
5. Vendor recommendation (indexed): SHA-256 validation, signatures, secure boot, runtime integrity checks.

Sources

• Sploitus — CVE-2026-7574 advisory (index reference)