CVE-2026-24053 – CVE-2026-24053 is a path traversal vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2026-24053?

CVE-2026-24053 has a CVSS score of 6.5 (MEDIUM). CVE-2026-24053 is a path traversal vulnerability in Claude Code that allows attackers to bypass directory restrictions and write files outside the current working directory. This affects users running ZSH shell who can be tricked into adding malicious content to Claude Code's context window. The vulnerability requires user interaction but can lead to arbitrary file writes.

📋 TL;DR

CVE-2026-24053 is a path traversal vulnerability in Claude Code that allows attackers to bypass directory restrictions and write files outside the current working directory. This affects users running ZSH shell who can be tricked into adding malicious content to Claude Code's context window. The vulnerability requires user interaction but can lead to arbitrary file writes.

💻 Affected Systems

Products:

Claude Code

Versions: All versions prior to 2.0.74

Operating Systems: Linux, macOS, and other Unix-like systems with ZSH shell

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects users running ZSH shell; Bash and other shells are not vulnerable. Requires ability to add untrusted content to Claude Code context window.

📦 What is this software?

Claude Code by Anthropic

View all CVEs affecting Claude Code →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary file writes leading to remote code execution, data theft, or system destruction.

🟠

Likely Case

Local file system manipulation, configuration file modification, or data corruption in user-accessible directories.

🟢

If Mitigated

Limited impact to isolated directories if proper sandboxing and user permissions are enforced.

🌐 Internet-Facing: LOW - Requires user interaction with malicious content in the Claude Code interface.

🏢 Internal Only: MEDIUM - Internal users could exploit this to escalate privileges or compromise shared systems if they can inject malicious content.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires social engineering to get users to input malicious ZSH clobber syntax into Claude Code. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.74

Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r

Restart Required: Yes

Instructions:

1. Update Claude Code to version 2.0.74 or later. 2. Restart the Claude Code application. 3. Verify the update was successful by checking the version.

🔧 Temporary Workarounds

Switch to Bash shell

linux

Use Bash instead of ZSH to avoid the vulnerability since it only affects ZSH clobber syntax parsing.

chsh -s /bin/bash
export SHELL=/bin/bash

Restrict Claude Code context input

all

Implement input validation to block ZSH clobber syntax patterns in Claude Code context windows.

🧯 If You Can't Patch

Disable Claude Code or restrict its use to trusted users only
Implement strict file system permissions and sandbox Claude Code in a restricted directory

🔍 How to Verify

Check if Vulnerable:

Check Claude Code version: if version is less than 2.0.74 and running on ZSH, the system is vulnerable.

Check Version:

claude-code --version or check application settings/help menu

Verify Fix Applied:

Confirm Claude Code version is 2.0.74 or higher and test that ZSH clobber syntax no longer bypasses directory restrictions.

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations outside expected directories
ZSH clobber syntax patterns in Claude Code logs

Network Indicators:

No network indicators - this is a local vulnerability

SIEM Query:

Process execution logs showing Claude Code writing files to unexpected locations or containing ZSH clobber patterns

📊 Metadata

CVE ID: CVE-2026-24053

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE: CWE-22

EPSS Score: 0.02% exploit probability (3.5th percentile)

Published: February 3, 2026

Last Updated: February 6, 2026

🔗 References

https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-24053, you might also want to check these: