453 matches found

Vulnrichment
added 2026/04/21 12:56 a.m. | 2 views

CVE-2026-39861 Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...

CVSS 7.7 | AI score 6.4 | EPSS 0.00168
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/21 12:56 a.m. | 2 views

CVE-2026-39861

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...

CVSS 7.7 | AI score 6.4 | EPSS 0.00168
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/21 12:0 a.m. | 6 views

Claude Code Path Traversal Vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Claude Code has a path traversal vulnerability, which stems from the lack of restrictions on creating symbolic links that point outside the workspace by the sandbox processes...

CVSS 10 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/21 12:0 a.m. | 3 views

PT-2026-33883

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.1.64. Description: The sandbox in this agentic coding tool failed to prevent sandboxed processes from creating symbolic links (symlinks) pointing to locations outside the workspace. When the unsandboxed process wrot...

CVSS 10 | AI score 6.4 | EPSS 0.00168
Exploits: 0 | References: 17
RedhatCVE
added 2026/04/20 7:22 p.m. | 1 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

CVSS 7.3 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 1
GithubExploit
added 2026/04/19 6:22 a.m. | 77 views

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 - the startup trust dialog implementation. Clau...

CVSS 8.8 | AI score 6 | EPSS 0.00043
Exploits: 5
OSV
added 2026/04/17 10:19 p.m. | 0 views

GHSA-5CWG-9F6J-9JVX Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

On Windows, Claude Code loaded system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory...

CVSS 7.3 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 3
vulnersOsv
added 2026/04/17 10:19 p.m. | 2 views

1shot (>=0.0.1 <=0.0.9), @3030-labs/wotw (=0.8.4) +373 more potentially affected by CVE-2026-35603 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.71)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 and more Source cves: CVE-2026-35603 Source advisory: OSV:GHSA-5CWG-9F6J-9JVX...

CVSS 7.3 | AI score 5.4 | EPSS 0.00012
Exploits: 0
Vulnrichment
added 2026/04/17 8:38 p.m. | 0 views

CVE-2026-35603 Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 1
Cvelist
added 2026/04/17 8:38 p.m. | 16 views

CVE-2026-35603 Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

CVSS 5.4 | EPSS 0.00012
Exploits: 0 | References: 1
CVE
added 2026/04/17 8:38 p.m. | 13 views

CVE-2026-35603

CVE-2026-35603 affects Claude Code on Windows prior to 2.1.75. The issue arises when Claude Code loads the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or permissions. Since ProgramData is writable by non-admins by d...

CVSS 7.3 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/04/17 8:38 p.m. | 1 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/17 12:0 a.m. | 7 views

Claude Code Security Vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.1.75 contained a security vulnerability. This vulnerability stemmed from the lack of verification of directory ownership or access permissions when loading system-wide...

CVSS 7.3 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2
EUVD
added 2026/04/14 6:30 p.m. | 3 views

EUVD-2026-22293

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains...

CVSS 7.7 | AI score 7.1 | EPSS 0.00054
Exploits: 0 | References: 8
HackRead
added 2026/04/12 2:44 p.m. | 2 views

Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records

A lone hacker used Claude Code and GPT-4.1 to exfiltrate hundreds of millions of Mexican citizen records from 9 government agencies...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 views

Anthropic Claude Code < 2.1.2 Sandbox Escape via settings.json Injection (CVE-2026-25725)

The version of Anthropic Claude Code installed on the remote host is prior to 2.1.2. It is, therefore, affected by a sandbox escape vulnerability. The bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While th...

CVSS 10 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 views

Anthropic Claude Code < 2.1.7 Permission Deny Bypass Through Symbolic Links (CVE-2026-25724)

The version of Anthropic Claude Code installed on the remote host is prior to 2.1.7. It is, therefore, affected by a permission bypass vulnerability. Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly...

CVSS 7.5 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/10 12:0 a.m. | 6 views

Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)

The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...

CVSS 7.5 | AI score 6.1 | EPSS 0.00033
Exploits: 1 | References: 2
HackRead
added 2026/04/09 1:50 p.m. | 3 views

Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks

LayerX researchers have discovered how to bypass Claude Code’s safety rules using the CLAUDE.md file. This exploit allows…

AI score 5.9
Exploits: 0
RedhatCVE
added 2026/04/07 11:1 p.m. | 3 views

CVE-2026-35021

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

CVSS 8.4 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 1