Cyber Resilience

CVE-2026-7574

High

Published: 24 June 2026
Modified: 25 June 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.7 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)
EPSS Score: 0.0010 (1.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-7574 is a high-severity Missing Support for Integrity Check (CWE-353) vulnerability in Recon (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Pre-OS Boot (T1542). The CVE ranks at the 1.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories. The estimated CWE mapping is CWE-353 (Missing Support for Integrity Check).
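The gap described above, shown as an added example that is not the vendor's code: a presence-plus-marker check beside a digest check against a pinned value. The marker file, its contents and the idea of a pinned SHA-256 shipped in a trusted manifest are assumptions made for illustration, and all file contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile


def weak_check(image_path, marker_path, expected_version):
    """Pattern the advisory describes: file presence plus a version marker."""
    if not os.path.isfile(image_path):
        return False
    with open(marker_path, "rb") as f:
        return f.read().strip() == expected_version


def open_verified_image(image_path, pinned_sha256):
    """Hash the image through one descriptor and return that descriptor only
    if the digest equals the pinned value. Booting from the returned fd
    guards against the path being swapped after the check; it does not stop
    in-place writes to the same file."""
    fd = os.open(image_path, os.O_RDONLY)
    digest = hashlib.sha256()
    while block := os.read(fd, 1 << 20):
        digest.update(block)
    if not hmac.compare_digest(digest.hexdigest(), pinned_sha256):
        os.close(fd)
        raise ValueError("rootfs image digest mismatch, refusing to boot")
    os.lseek(fd, 0, os.SEEK_SET)
    return fd


def demo(modify_image):
    """Return (weak_check_result, digest_check_result) on constructed files."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "rootfs.img")
        marker = os.path.join(d, "version")  # hypothetical marker file
        shipped = b"constructed rootfs contents\n" * 64
        with open(image, "wb") as f:
            f.write(shipped)
        with open(marker, "wb") as f:
            f.write(b"1.0\n")
        pinned = hashlib.sha256(shipped).hexdigest()  # assumed trusted manifest value
        if modify_image:  # stand-in for any post-install change to the image
            with open(image, "r+b") as f:
                f.write(b"X")
        weak = weak_check(image, marker, b"1.0")
        try:
            os.close(open_verified_image(image, pinned))
            strong = True
        except ValueError:
            strong = False
        return weak, strong
```

The digest check only holds if the pinned value is stored where the same local user cannot rewrite it and the image cannot be changed after it is hashed; both are deployment assumptions outside this sketch.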

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1542 Pre-OS Boot (Stealth)
Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system.
Why these techniques?

Lack of VM image integrity verification directly enables tampering with boot-time rootfs for persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Recon
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-353

Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records.

addresses: CWE-353

Implements required signature-based integrity verification, addressing missing support for integrity checks on components.

addresses: CWE-353

Requiring control over the integrity of all changes directly compels developers to implement integrity verification mechanisms rather than omitting them.

addresses: CWE-353

Tamper detection fundamentally depends on integrity-checking capabilities that this control mandates or strengthens.

addresses: CWE-353

Explicitly requires support for integrity and authenticity checks on components before acceptance into the system.

addresses: CWE-353

Supplies the integrity-check artifacts (e.g., RRSIG, DNSKEY) that were previously missing for DNS responses.

addresses: CWE-353

Control explicitly adds support for integrity mechanisms such as checksums during preparation, preventing attacks that rely on missing integrity checks.

addresses: CWE-353

Directly supplies the missing integrity verification mechanism the weakness describes.

References