CVE-2026-25724

Low CVSS: 2.3

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.

Vendor

Anthropic

Product

Claude Code

CWE

CWE-61

Yayın Tarihi

2026-02-06 18:16:00

Güncelleme

2026-03-27 22:16:20

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-61 Claude Code LOW Anthropic 2026

Referanslar

https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx https://www.terra.security/blog/when-ai-becomes-the-attack-surface-lessons-from-discovering-cve-2026-25724

Benzer Kayıtlar

Medium

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336…

High

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, includ…

High

CVE-2026-25725

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to p…

High

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory change…

High

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p…

High

CVE-2026-24052

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in it…