CVE-2026-24887 – CVE-2026-24887 is a command injection vulnerabi... (How to Fix)

Q: What is the severity of CVE-2026-24887?

CVE-2026-24887 has a CVSS score of 8.8 (HIGH). CVE-2026-24887 is a command injection vulnerability in Claude Code that allows bypassing confirmation prompts to execute arbitrary commands via the find command. This affects users of Claude Code versions before 2.0.72 who process untrusted content. Attackers could execute malicious commands if they can inject content into Claude Code's context window.

📋 TL;DR

CVE-2026-24887 is a command injection vulnerability in Claude Code that allows bypassing confirmation prompts to execute arbitrary commands via the find command. This affects users of Claude Code versions before 2.0.72 who process untrusted content. Attackers could execute malicious commands if they can inject content into Claude Code's context window.

💻 Affected Systems

Products:

Claude Code

Versions: All versions prior to 2.0.72

Operating Systems: All platforms running Claude Code

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is present in default configurations when processing untrusted content through Claude Code's interface.

📦 What is this software?

Claude Code by Anthropic

View all CVEs affecting Claude Code →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Claude Code process, potentially leading to complete system compromise, data theft, or lateral movement.

🟠

Likely Case

Limited command execution within the user's context when processing maliciously crafted content from untrusted sources.

🟢

If Mitigated

No impact if proper input validation and sandboxing are implemented, or if untrusted content is never processed.

🌐 Internet-Facing: MEDIUM - Requires user interaction with untrusted content but could be triggered through web interfaces or API integrations.

🏢 Internal Only: MEDIUM - Internal users could be tricked into processing malicious content, but requires social engineering or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires the ability to inject untrusted content into Claude Code's context window, which typically requires some level of user interaction or compromised input sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.72

Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w

Restart Required: Yes

Instructions:

1. Update Claude Code to version 2.0.72 or later. 2. Restart the Claude Code application or service. 3. Verify the update was successful by checking the version.

🔧 Temporary Workarounds

Disable command execution features

all

Temporarily disable or restrict Claude Code's ability to execute system commands through configuration.

Check Claude Code documentation for command execution settings

Input validation and sanitization

all

Implement strict input validation to prevent untrusted content from reaching Claude Code's command parsing.

🧯 If You Can't Patch

Restrict Claude Code to only process trusted content from verified sources.
Run Claude Code in a sandboxed environment with minimal privileges to limit potential damage from exploitation.

🔍 How to Verify

Check if Vulnerable:

Check Claude Code version - if it's below 2.0.72, the system is vulnerable.

Check Version:

Check Claude Code's about/help menu or configuration files for version information.

Verify Fix Applied:

Confirm Claude Code version is 2.0.72 or higher and test that command execution prompts cannot be bypassed.

📡 Detection & Monitoring

Log Indicators:

Unexpected command executions from Claude Code process
Failed confirmation prompt bypass attempts
Unusual find command usage patterns

Network Indicators:

Outbound connections from Claude Code to unexpected destinations
Command and control traffic originating from Claude Code host

SIEM Query:

Process execution where parent_process contains 'claude' AND command_line contains 'find' with suspicious arguments

📊 Metadata

CVE ID: CVE-2026-24887

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.04% exploit probability (11.5th percentile)

Published: February 3, 2026

Last Updated: February 6, 2026

🔗 References

https://github.com/anthropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-24887, you might also want to check these: