326 matches found
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
PT-2025-40539
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...
PT-2025-40458
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.111 Description Claude Code is an agentic coding tool that contains a bug in the startup trust dialog implementation. This flaw allows for code injection, where the tool can be tricked into executing code...
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...
PT-2025-39338
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Claude Code is an agentic coding tool. When used with Yarn versions 2.0 and higher, Yarn plugins are automatically executed when running yarn --version in versions prior to 1.0.39. This could...
CVE-2025-59041
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code constructed a shell command that interpolated the value of git config user.email from the current workspace. If an attacker controlled the repository’s Git config e.g., via a malicious .git/config and set user.email to a crafted payload, the unescaped interpolation could...
GHSA-J4H9-WV2M-WRF7 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code constructed a shell command that interpolated the value of git config user.email from the current workspace. If an attacker controlled the repository’s Git config e.g., via a malicious .git/config and set user.email to a crafted payload, the unescaped interpolation could...
Claude Code rg vulnerability does not protect against approval prompt bypass
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...
CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
CVE-2025-59041
CVE-2025-59041 affects Claude Code, an agentic coding tool. At startup, Claude Code constructed a shell command interpolating the value of git config user.email, enabling arbitrary code execution if the configuration is maliciously crafted before the workspace trust dialog is accepted. The issue ...
PT-2025-37055
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105 Description: Claude Code is an agentic coding tool. A flaw in command parsing allowed a bypass of the Claude Code confirmation prompt, potentially triggering the execution of untrusted commands...
GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
GHSA-X5GV-JW7F-J6XJ Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
CVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...