CVE-2026-39861: Path Traversal in Claude-code

Severity: 7.7 HIGH (NVD)
EPSS: 0.1% (top 65.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 21

Description

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could
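The description above spells out the bug class: a low-privilege sandboxed process plants a symlink inside the workspace, and a more privileged writer later follows it without noticing that the real destination is elsewhere. The Python below is an added example, not Claude Code's own code and not part of the advisory; it shows the kind of workspace-confined write routine that closes this hole: reject `..` and absolute paths, refuse any existing symlink on the write path, confirm that the resolved target still lies inside the workspace, and open the final component with `O_NOFOLLOW`. The names `safe_write`, `WorkspaceEscape` and `demo`, and the temporary-directory scenario `demo` builds, are assumptions made for illustration.

```python
import os
import stat
import tempfile


class WorkspaceEscape(Exception):
    """Raised when a write would land outside the workspace."""


def _reject_symlink_components(workspace: str, rel_path: str) -> str:
    """Walk rel_path one component at a time under workspace.

    Returns the absolute lexical path of the final component. Components
    that do not exist yet are fine (they will be created); an existing
    symlink anywhere on the path is rejected, so a lower-privilege process
    cannot redirect the write by planting one.
    """
    if os.path.isabs(rel_path):
        raise WorkspaceEscape(f"absolute path not allowed: {rel_path!r}")
    current = workspace
    for part in rel_path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            raise WorkspaceEscape(f"parent traversal not allowed: {rel_path!r}")
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)  # lstat: inspect the link itself, do not follow it
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            raise WorkspaceEscape(f"symlink on write path: {current!r}")
    return current


def safe_write(workspace: str, rel_path: str, data: bytes) -> str:
    """Write data to rel_path inside workspace, refusing to follow symlinks."""
    workspace = os.path.realpath(workspace)
    target = _reject_symlink_components(workspace, rel_path)
    # Defence in depth: after full resolution the target must still be inside.
    resolved = os.path.realpath(target)
    if os.path.commonpath([workspace, resolved]) != workspace:
        raise WorkspaceEscape(f"resolved outside workspace: {resolved!r}")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_NOFOLLOW makes the open fail if the final component became a symlink
    # between our check and this call (final-component TOCTOU).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def demo() -> dict:
    """Constructed scenario (assumption, not from the advisory): a symlink
    inside the workspace points at a directory outside it."""
    base = tempfile.mkdtemp()
    ws = os.path.join(base, "workspace")
    outside = os.path.join(base, "outside")
    os.makedirs(ws)
    os.makedirs(outside)
    # The link a lower-privilege process might leave behind in the workspace.
    os.symlink(outside, os.path.join(ws, "link"))

    results = {}
    try:
        safe_write(ws, "link/escaped.txt", b"x")
        results["symlinked_write_blocked"] = False
    except WorkspaceEscape:
        results["symlinked_write_blocked"] = True
    results["outside_file_exists"] = os.path.exists(os.path.join(outside, "escaped.txt"))

    written = safe_write(ws, "notes/todo.txt", b"hello")
    with open(written, "rb") as f:
        results["normal_write_ok"] = f.read() == b"hello"
    return results


if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only protects the last path component; a symlink swapped into an intermediate directory after the `lstat` walk is still a race. A stricter implementation opens each directory with `os.open(..., os.O_DIRECTORY | os.O_NOFOLLOW)` and passes the descriptor as `dir_fd` to the next `os.open`, so no component is ever resolved through a path string twice.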

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: anthropics/claude-code < 2.1.64

Vulnerability Details (2)

GHSA: Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace (2026-04-21)
VulDB: Anthropic claude-code up to 2.1.63 Symlink path traversal (GHSA-vp62-r36r-9xqp / EUVD-2026-24033) (2026-04-21)
CVE-2026-39861 — Path Traversal in Claude-code | cvebase