The high-severity vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), has been codenamed “Copy Fail” by Xint.io and ...
Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.