Is CVE-2026-21852 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-21852 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-21852

IronWorm steals credentials for Claude, Codex, Gemini, and Cursor. A malicious npm package exfiltrated Claude's local files. The tools building the modern web are under attack.

2026

What WebPulse reported · 1 analysis

Your AI Coding Assistant Is a Target: The Supply Chain Attacks Nobody Expected

IronWorm steals credentials for Claude, Codex, Gemini, and Cursor. A malicious npm package exfiltrated Claude's local files. The tools building the modern web a

June 7, 2026

View CVE-2026-21852 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657