326 matches found
PT-2026-26297
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.53 Description Claude Code is an agentic coding tool that experienced a loading order issue in its settings loader. The software resolved the permission mode from settings files, such as the...
PT-2026-20516
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...
GHSA-FF64-7W26-62RF Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...
Claude Code has Permission Deny Bypass Through Symbolic Links
Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...
GHSA-4Q92-RFM6-2CQX Claude Code has Permission Deny Bypass Through Symbolic Links
Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...
GHSA-66Q4-VFJG-2QHH Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...
PT-2026-6850
Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...
PT-2026-6858
Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...
PT-2026-6853
Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...
Claude Code has a Command Injection in find Command Bypasses User Approval Prompt
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. Users on standard Claude...
GHSA-QGQW-H4XQ-7W8W Claude Code has a Command Injection in find Command Bypasses User Approval Prompt
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. Users on standard Claude...
Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...
PT-2026-6464
Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...
CVE-2022-40620
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...
GHSA-JH7P-QR78-84P7 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...
EUVD-2025-36719
memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service memoQauhlp101. The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to...
CVE-2025-60320
memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service memoQauhlp101. The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to...
PT-2025-44347
Name of the Vulnerable Software and Affected Versions memoQ versions 10.1.13.ef1b2b52aae and earlier Description memoQ versions 10.1.13.ef1b2b52aae and earlier contain an unquoted service path vulnerability in the memoQ Auto Update Service memoQauhlp101. The service is installed with a path...