4 matches found
1shot (>=0.0.1 <=0.0.9), @3030-labs/wotw (>=0.8.4 <=0.9.0) +376 more potentially affected by CVE-2026-39861 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.63)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =0.8.4, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 - @arach/hooked =1.1.1 and more Source cves: CVE-2026-39861 Source advisory: OSV:GHSA-VP62-R36R-9XQP...
1shot (>=0.0.1 <=0.0.2), @3030-labs/wotw (>=0.8.4 <=0.9.0) +179 more potentially affected by CVE-2026-39861 via @anthropic-ai/claude-code (>=2.0.0 <=2.1.63)
@anthropic-ai/claude-code NPM version =2.0.0, =0.0.1, =0.8.4, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.0.0-main-260517022600, =0.0.0-main-260517043948, =0.2.5, =4.10.0, =2.1.2, =0.3.0, =0.3.5 and more Source cves: CVE-2026-39861 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16191021...
CVE-2026-39861
Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...
CVE-2026-39861
creationtimestamp| type| source ---|---|--- 2026-04-20 16:16:06+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-39861 2026-04-21 02:40:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjxxg2owzt2o 2026-04-21 03:18:04+00:00| seen|...