Claude AI assistant is one calendar invite away from total system compromise

Published: 12 February 2026
malware-invitation
Image by Cybernews.

Hacking now is as simple as sending a calendar invite. Security researchers have discovered a critical vulnerability in Claude Desktop Extensions that allows attackers to take over the system without any user interaction.

Cybernews previously warned about Claude Desktop browsing the internet and executing prompts embedded on untrusted websites.

Now, security researchers at LayerX Security have demonstrated another attack that is even easier to pull off. Instead of hoping an AI agent stumbles onto a malicious website, hackers can deliver instructions directly to the user's inbox.

ADVERTISEMENT

“A single Google Calendar event can silently compromise a system running Claude Desktop Extensions. The flaw impacts more than 10,000 active users and 50 Claude Desktop Extensions,” LayerX warns in a report detailing the discovered remote code execution vulnerability.

The exploit is remarkably simple and doesn’t require any prompt engineering, obfuscation, or instruction hiring.

The demonstrated Google Calendar invite was titled “Task Management” and contained instructions as straightforward as they get: pull the package from GitHub, save it locally, and execute a specified file.

3-1
Image by LayerX Security.

If the user ever prompts its Claude AI assistant to check the latest events in Google Calendar and handle them, Claude assumes that this command justifies running the code.

“This requires no user interaction, no confirmation prompt, and no explicit request for system-level automation. The result is a full remote code execution, meriting a CVSS score of 10/10,” LayerX said.

At the time of writing, this vulnerability remains unaddressed.

claude
Image by LayerX Security.
ADVERTISEMENT

Claude roams unrestricted

Claude Desktop is an app for using Anthropic’s AI assistant directly on the computer instead of a web browser. Moreover, users can choose to grant the AI assistant greater access and capabilities, such as reading messages or controlling the browser, through the so-called Claude Desktop Extensions. That’s where the vulnerability lies.

Unlike traditional browser extensions, which are sandboxed, Claude Desktop Extensions run with full system permissions. They can read arbitrary files, access stored credentials, modify system settings, and execute commands.

Claude autonomously decides which installed tool to use, or how to best chain them together.

“As a result, Claude can autonomously chain low-risk connectors (e.g., Google Calendar) to high-risk local executors, without user awareness or consent,” LayerX explains.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

“If exploited by a bad actor, even a benign prompt coupled with a maliciously worded calendar event is sufficient to trigger arbitrary local code execution that compromises the entire system.”

The researchers warn that there are no hardcoded safeguards preventing the AI assistant from misbehaving.

“Our recommendation is straightforward: until meaningful safeguards are introduced, MCP connectors should not be used on systems where security matters,” LayerX concludes.

This architectural design is not unique to Claude Desktop, and other local AI assistants with direct access and broad permissions may also be susceptible to similar exploits.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT