PT-2026-40438

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. Recommendations At the moment, the...

PT-2026-40437

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

PT-2026-38675

Name of the Vulnerable Software and Affected Versions cPanel Nova plugin versions prior to 11.136.0.9 cPanel Nova plugin versions prior to 11.136.1.10 WP Squared cPanel Nova plugin versions prior to 11.134.0.25 cPanel Nova plugin versions prior to 11.132.0.31 cPanel Nova plugin versions prior to...

Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json

Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...

GHSA-4Q92-RFM6-2CQX Claude Code has Permission Deny Bypass Through Symbolic Links

Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...

PT-2026-6858

Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...

PT-2026-6464

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

GHSA-JH7P-QR78-84P7 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...

GHSA-7MV8-J34Q-VP7Q @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

Due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the...

CVE-2025-59829

CVE-2025-59829 affects Claude Code (Anthropic) prior to version 1.0.120. The root cause is improper handling of symbolic links when evaluating permission-deny rules, enabling a user-denied file to be accessed via a symlink pointing to that file. The issue is fixed in 1.0.120. Impact is exposure o...

CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...

Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

PT-2025-37055

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105 Description: Claude Code is an agentic coding tool. A flaw in command parsing allowed a bypass of the Claude Code confirmation prompt, potentially triggering the execution of untrusted commands...