
Anthropic-Ai Claude-Code vulnerabilities

26 known vulnerabilities affecting anthropic-ai/claude-code.

Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 20, MEDIUM 4, LOW 2

Vulnerabilities

Page 2 of 2
CVE-2026-24052 | P3 | HIGH | affected versions ≥ 0, < 1.0.111 | 2026-02-03
CVE-2026-24052 [HIGH] CWE-601 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains. Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a `startsWith()` function to validate trusted domains (e.g., `docs.python.org`, `modelcontextprotocol.io`); this could
References: GHSA, OSV
CVE-2026-25723 | P3 | HIGH | affected versions ≥ 0, < 2.0.55 | 2026-02-06
CVE-2026-25723 [HIGH] CWE-20 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions. Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope
References: GHSA, OSV
CVE-2026-24053 | P3 | HIGH | affected versions ≥ 0, < 2.0.74 | 2026-02-03
CVE-2026-24053 [HIGH] CWE-22 Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes. Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted c
References: GHSA, OSV
CVE-2026-35603 | P3 | MEDIUM | affected versions ≥ 0, < 2.1.75 | 2026-04-17
CVE-2026-35603 [MEDIUM] CWE-426 Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows. On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by de
References: GHSA
CVE-2025-59829 | P3 | LOW | affected versions ≥ 0, < 1.0.120 | 2025-10-03
CVE-2025-59829 [LOW] CWE-61 Claude Code permission deny bypass through symlink. Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates
References: GHSA, OSV
CVE-2026-46406 | P4 | MEDIUM | affected versions ≥ 2.1.59, < 2.1.128 | 2026-06-25
CVE-2026-46406 [MEDIUM] CWE-59 @anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write. The Claude Code `/copy` command wrote responses to a hardcoded, predictable path (`/tmp/claude/response.md`) without UID isolation, randomness, or symlink protection. The file was created world-re
References: GHSA