CVE-2026-25723
📋 TL;DR
CVE-2026-25723 is an input validation vulnerability in Claude Code that allows attackers to bypass file write restrictions using piped sed operations with echo commands. This enables writing to sensitive directories like .claude folder and paths outside project scope. Users of Claude Code versions before 2.0.55 with 'accept edits' feature enabled are affected.
💻 Affected Systems
- Claude Code
📦 What is this software?
Claude Code by Anthropic
⚠️ Risk & Real-World Impact
Worst Case
Attackers could write malicious files to sensitive system directories, potentially leading to remote code execution, data theft, or complete system compromise.
Likely Case
Unauthorized file writes to sensitive project directories, configuration tampering, or privilege escalation within the Claude Code environment.
If Mitigated
Limited impact with proper access controls, but still potential for configuration file manipulation or data corruption.
🎯 Exploit Status
Exploitation requires ability to execute commands through Claude Code interface with 'accept edits' enabled. Knowledge of specific sed/echo command chaining needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.55
Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-mhg7-666j-cqg4
Restart Required: Yes
Instructions:
1. Stop Claude Code service. 2. Update to version 2.0.55 using package manager or direct download. 3. Restart Claude Code service. 4. Verify version is 2.0.55 or higher.
🔧 Temporary Workarounds
Disable Accept Edits Feature
allTemporarily disable the 'accept edits' feature to prevent command execution through Claude Code interface.
# Check Claude Code configuration for accept_edits setting
# Set accept_edits = false in configuration file
Restrict File System Access
linuxApply file system permissions to restrict Claude Code's write access to sensitive directories.
# chmod 755 /path/to/.claude
# chown root:root /path/to/.claude
🧯 If You Can't Patch
- Disable 'accept edits' feature in Claude Code configuration immediately.
- Implement strict file system permissions and monitor for unauthorized file writes to .claude directory.
🔍 How to Verify
Check if Vulnerable:
Check Claude Code version. If version is less than 2.0.55 and 'accept edits' feature is enabled, system is vulnerable.Check Version:
claude-code --version or check package manager for installed versionVerify Fix Applied:
Verify Claude Code version is 2.0.55 or higher and test that sed/echo command chaining no longer bypasses file write restrictions.📡 Detection & Monitoring
Log Indicators:
- Unusual sed/echo command patterns in Claude Code logs
- File write attempts to .claude directory or outside project scope
- Multiple failed command execution attempts
Network Indicators:
- N/A - This is a local command execution vulnerability
SIEM Query:
source="claude-code" AND (command="sed" OR command="echo") AND action="file_write" AND path CONTAINS ".claude"