Lucene search
K

473 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Anthropic Claude Code 2.1.59 < 2.1.128 Information Disclosure (CVE-2026-46406)

The version of Anthropic Claude Code installed on the remote host is 2.1.59 prior to 2.1.128. It is, therefore, affected by an information disclosure vulnerability: - The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation,...

6.1CVSS6AI score0.00149EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Anthropic Claude Code 2.1.38 < 2.1.163 Sandbox Escape (CVE-2026-55607)

The version of Anthropic Claude Code installed on the remote host is 2.1.38 prior to 2.1.163. It is, therefore, affected by a sandbox escape vulnerability: - Claude Code's worktree handling allowed creation of worktrees named '.git' and navigation to worktrees outside the sandbox context, enablin...

8.8CVSS6.4AI score0.00765EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 8:20 p.m.9 views

CVE-2026-55607

A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating...

8.8CVSS6.1AI score0.00765EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 1:37 p.m.7 views

CVE-2026-46406

A flaw was found in Claude Code. The /copy command created responses in a predictable, world-readable temporary file without proper isolation or symlink protection. This allowed a local unprivileged user to read sensitive information from a privileged user's Claude response, potentially containin...

6.8CVSS6AI score0.00149EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.7 views

CVE-2026-55607

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

8.8CVSS0.00765EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:4 p.m.8 views

CVE-2026-55607

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 2:4 p.m.7 views

EUVD-2026-40117

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 2:4 p.m.32 views

CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS0.00765EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 2:3 p.m.8 views

EUVD-2026-40116

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 2:3 p.m.34 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 2:3 p.m.18 views

CVE-2026-46406

CVE-2026-46406 affects @anthropic-ai/claude-code versions 2.1.59 through 2.1.128. The /copy command writes responses to a hardcoded, predictable path (/tmp/claude/response.md) with UID isolation, randomness, and symlink protections missing. The file is world-readable (0644) in a world-traversable...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-418 MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS7.7AI score0.00371EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.21 views

PT-2026-52680

Name of the Vulnerable Software and Affected Versions Claude Code affected versions not specified Description A prompt injection flaw allows for a full sandbox escape, leading to arbitrary code execution on the host system. This issue persists even when the software is configured with read-only...

8.8CVSS6.5AI score0.00765EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/25 4:53 p.m.5 views

Insecure Temporary File

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insecure Temporary File via the...

6.1CVSS6AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-54316

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

9.1CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 5:6 p.m.45 views

CVE-2026-54316

CVE-2026-54316 (Claude Code) affects Claude Code versions 0.2.54–2.1.162, fixed in 2.1.163. The WebFetch tool allowed any path on the pre-approved domain huggingface.co, enabling an attacker-controlled repository path to be fetched without prompts or --allowedTools restrictions. If an attacker ca...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:6 p.m.33 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS0.00403EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 6:35 p.m.6 views

Unsafe Dependency Resolution

Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:6 p.m.7 views

Covert Storage Channel

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References3
Rows per page
Query Builder