Is CVE-2026-22708 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-22708 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-22708

Tenet Security disclosed a new attack class on June 12. Attackers inject prompts into Sentry error events using publicly discoverable DSNs. AI coding agents retrieve the events via MCP and execute attacker-controlled code. Sentry called it 'technically not defensible.'

2026

What WebPulse reported · 2 analyses

Agentjacking: A Malicious Sentry Error Event Can Hijack Claude Code, Cursor, and Codex. 2,388 Organizations Exposed.

Tenet Security disclosed a new attack class on June 12. Attackers inject prompts into Sentry error events using publicly discoverable DSNs. AI coding agents ret

June 15, 2026

Claude Code GitHub Action Had a Prompt Injection Flaw. A Malicious Issue Title Could Read Your CI/CD Secrets.

CVE-2026-22708, CVSS 7.8. A crafted GitHub issue description caused Claude Code's GitHub Action to read CI/CD secrets from /proc/self/environ. Patched in v1.0.9

June 14, 2026

View CVE-2026-22708 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657