6 matches found
Anthropic Claude Code < 2.1.7 Permission Deny Bypass Through Symbolic Links (CVE-2026-25724)
The version of Anthropic Claude Code installed on the remote host is prior to 2.1.7. It is, therefore, affected by a permission bypass vulnerability. Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly...
CVE-2026-25724
creationtimestamp| type| source ---|---|--- 2026-02-08 03:40:06+00:00| seen| https://gist.github.com/alon710/1c6b06029608bb23418dcb4699619f4d 2026-02-09 16:07:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3megtfbdmwi2v...
CVE-2026-25724
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...
CVE-2026-25724 Claude Code Has Permission Deny Bypass Through Symbolic Links
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...
CVE-2026-25724
Claude Code has a permission-deny bypass flaw via symbolic links. Prior to version 2.1.7, if access to a file (e.g., /etc/passwd) was denied but Claude Code could reach a symlink to that file, the tool could read the restricted file without enforcing the deny rule. The issue has been patched in v...
CVE-2026-25724 Claude Code Has Permission Deny Bypass Through Symbolic Links
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...