33 matches found

OSV
added 2026/05/22 11:39 a.m. | 8 views

MAL-2026-4457 Malicious code in @tmecontinue/claude (npm)

Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...

AI score 5.8
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/05/19 6:5 p.m. | 7 views

Malicious code in @bonsai-ai/claude-code (npm)

Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

AI score 5.9
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/24 12:0 a.m. | 5 views

Anthropic Claude Code < 2.1.64 Sandbox Escape via Symlink Following (CVE-2026-39861)

The version of Anthropic Claude Code installed on the remote host is prior to 2.1.64. It is, therefore, affected by a sandbox escape vulnerability. - Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code...

CVSS 10 | AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 2

vulnersOsv
added 2026/04/21 6:51 p.m. | 4 views

1shot (>=0.0.1 <=0.0.9), @3030-labs/wotw (=0.8.4) +373 more potentially affected by CVE-2026-39861 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.63)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 and more Source cves: CVE-2026-39861 Source advisory: OSV:GHSA-VP62-R36R-9XQP...

CVSS 10 | AI score 5.4 | EPSS 0.00168
Exploits: 0

Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 view

Anthropic Claude Code < 2.1.2 Sandbox Escape via settings.json Injection (CVE-2026-25725)

The version of Anthropic Claude Code installed on the remote host is prior to 2.1.2. It is, therefore, affected by a sandbox escape vulnerability. The bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While th...

CVSS 10 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/10 12:0 a.m. | 7 views

Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)

The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...

CVSS 7.5 | AI score 6.1 | EPSS 0.00033
Exploits: 1 | References: 2

NVD
added 2026/04/06 8:16 p.m. | 4 views

CVE-2026-35021

Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code...

EPSS 0.00041
Exploits: 0

ATTACKERKB
added 2026/04/06 6:59 p.m. | 1 view

CVE-2026-35022

This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior...

AI score 5.7 | EPSS 0.00596
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/06 6:59 p.m. | 2 views

CVE-2026-35022

...

AI score 5.8 | EPSS 0.00596
Exploits: 0

Cvelist
added 2026/04/06 6:59 p.m. | 22 views

CVE-2026-35022

...

EPSS 0.00596
Exploits: 0

CVE
added 2026/04/06 6:59 p.m. | 9 views

CVE-2026-35022

Anthropic Claude Code CLI and Claude Agent SDK are cited in multiple sources as vulnerable to an OS command injection in authentication helper execution. The underlying issue is that helper configuration values are executed with shell=true without input validation, allowing injection of shell met...

AI score 6.2 | EPSS 0.00596
Exploits: 0

CVE
added 2026/04/06 6:59 p.m. | 8 views

CVE-2026-35021

The CVE-2026-35021 entry is rejected by the CNA and does not represent an active vulnerability.

AI score 6.2 | EPSS 0.00041
Exploits: 0

Vulnrichment
added 2026/04/06 6:59 p.m. | 4 views

CVE-2026-35021

...

AI score 5.8 | EPSS 0.00041
Exploits: 0

Cvelist
added 2026/04/06 6:59 p.m. | 19 views

CVE-2026-35021

...

EPSS 0.00041
Exploits: 0

Vulnrichment
added 2026/04/06 6:58 p.m. | 5 views

CVE-2026-35020

...

AI score 5.8 | EPSS 0.00114
Exploits: 0

Cvelist
added 2026/04/06 6:58 p.m. | 17 views

CVE-2026-35020

...

EPSS 0.00114
Exploits: 0

CNNVD
added 2026/04/06 12:0 a.m. | 4 views

Claude Code CLI and Claude Agent SDK Operating System Command Injection Vulnerability

Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...

AI score 6.1 | EPSS 0.00041
Exploits: 0 | References: 3

vulnersOsv
added 2026/03/19 12:42 p.m. | 7 views

1shot (>=0.0.1 <=0.0.2), @3030-labs/wotw (=0.8.4) +178 more potentially affected by CVE-2026-33068 via @anthropic-ai/claude-code (>=2.0.0 <=2.1.71)

@anthropic-ai/claude-code NPM version =2.0.0, =0.0.1, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.0.0-main-260517022600, =0.0.0-main-260517043948, =0.2.5, =4.10.0, =2.1.2, =3.0.2 - @chude/memory =4.0.0 and more Source cves: CVE-2026-33068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15701841...

CVSS 8.8 | AI score 5.4 | EPSS 0.00235
Exploits: 0

Snyk
added 2026/02/06 7:8 p.m. | 4 views

UNIX Symbolic Link (Symlink) Following

Overview: @anthropic-ai/claude-code is a package described as "Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you." Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink)...

CVSS 7.5 | AI score 5.6 | EPSS 0.00061
Exploits: 0 | References: 2

vulnersOsv
added 2026/02/06 7:2 p.m. | 2 views

@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.31.0 <=1.57.0) +15 more potentially affected by CVE-2026-25722 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.55)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.31.0, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-25722 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15248352...

CVSS 9.1 | AI score 5.8 | EPSS 0.00243
Exploits: 0