Anthropic Claude Code vulnerabilities

29 known vulnerabilities affecting anthropic/claude_code.

Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 13 | HIGH 12 | MEDIUM 4

Vulnerabilities

Page 2 of 2
CVE-2025-55284 | P3 | HIGH | CVSS 7.5 | fixed in 1.0.4 | 2025-08-16
CVE-2025-55284 [HIGH] CWE-78: Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code con
Source: nvd
CVE-2026-35020 | P3 | HIGH | CVSS 8.6 | affected ≤ 2.1.91 | 2026-04-06
CVE-2026-35020 [HIGH] CWE-78: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell metacharacters into the TERMINAL variable which are interpreted b
Sources: cvelistv5, nvd
CVE-2026-24052 | P3 | HIGH | CVSS 7.4 | fixed in 1.0.111 | 2026-02-03
CVE-2026-24052 [HIGH] CWE-601: Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io); this could have enabled attackers to register do
Source: nvd
CVE-2026-25723 | P3 | MEDIUM | CVSS 6.5 | fixed in 2.0.55 | 2026-02-06
CVE-2026-25723 [MEDIUM] CWE-20: Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting thi
Source: nvd
CVE-2026-35021 | P3 | HIGH | CVSS 8.4 | affected ≤ 2.1.91 | 2026-04-06
CVE-2026-35021 [HIGH] CWE-78: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or backtick expressions into file paths that are interpolated into shell commands
Sources: cvelistv5, nvd
CVE-2026-24053 | P3 | MEDIUM | CVSS 6.5 | fixed in 2.0.74 | 2026-02-03
CVE-2026-24053 [MEDIUM] CWE-22: Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted conte
Source: nvd
CVE-2026-35603 | P3 | HIGH | CVSS 7.3 | fixed in 2.1.75 | 2026-04-17
CVE-2026-35603 [HIGH] CWE-426: Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCod
Source: nvd
CVE-2025-59829 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.0.120 | 2025-10-03
CVE-2025-59829 [MEDIUM] CWE-61: Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update will hav
Source: nvd
CVE-2026-46406 | P4 | MEDIUM | CVSS 6.1 | affected ≥ 2.1.58, < 2.1.128 | 2026-06-29
CVE-2026-46406 [MEDIUM] CWE-59: Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privil
Source: nvd