📦 Claude Code

by Anthropic

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-25725

CRITICAL CVSS 10.0 Feb 6, 2026

This vulnerability allows malicious code running inside Claude Code's sandbox to create a missing settings.json file and inject persistent hooks that execute with host privileges upon restart. It affe...

CVE-2026-25722

CRITICAL CVSS 9.1 Feb 6, 2026

CVE-2026-25722 is a directory traversal vulnerability in Claude Code that allows attackers to bypass write protection in sensitive directories like .claude. By using the cd command to navigate into pr...

CVE-2025-66032

CRITICAL CVSS 9.8 Dec 3, 2025

CVE-2025-66032 is a command injection vulnerability in Claude Code that allows bypassing read-only validation to execute arbitrary code. Attackers can exploit this by injecting malicious shell command...

CVE-2025-64755

CRITICAL CVSS 9.8 Nov 21, 2025

CVE-2025-64755 is a critical vulnerability in Claude Code versions before 2.0.31 that allows attackers to bypass read-only validation and write arbitrary files to the host system. This affects all use...

CVE-2025-65099

CRITICAL CVSS 9.8 Nov 19, 2025

CVE-2025-65099 is a critical code execution vulnerability in Claude Code where Yarn plugins could execute malicious code before user consent. This affects users running Claude Code versions below 1.0....

CVE-2025-59041

CRITICAL CVSS 9.8 Sep 10, 2025

CVE-2025-59041 is a critical remote code execution vulnerability in Claude Code where malicious git user.email configuration could execute arbitrary commands before workspace trust dialog acceptance. ...

CVE-2025-58764

CRITICAL CVSS 9.8 Sep 10, 2025

CVE-2025-58764 is a command injection vulnerability in Claude Code that allows bypassing the confirmation prompt to execute untrusted commands. This affects users of Claude Code versions prior to 1.0....

CVE-2025-54794

CRITICAL CVSS 9.1 Aug 5, 2025

CVE-2025-54794 is a path traversal vulnerability in Claude Code versions below 0.2.111 that allows attackers to bypass directory restrictions and access files outside the current working directory. Th...

CVE-2026-25724

HIGH CVSS 7.5 Feb 6, 2026

CVE-2026-25724 is a symbolic link bypass vulnerability in Claude Code that allows reading files explicitly denied in settings.json. Attackers could access sensitive system files like /etc/passwd throu...

CVE-2026-24887

HIGH CVSS 8.8 Feb 3, 2026

CVE-2026-24887 is a command injection vulnerability in Claude Code that allows bypassing confirmation prompts to execute arbitrary commands via the find command. This affects users of Claude Code vers...

CVE-2026-24052

HIGH CVSS 7.4 Feb 3, 2026

CVE-2026-24052 is a URL validation bypass vulnerability in Claude Code's trusted domain verification. Attackers could register malicious subdomains that pass validation (e.g., modelcontextprotocol.io....

CVE-2026-21852

HIGH CVSS 7.5 Jan 21, 2026

This vulnerability in Claude Code versions before 2.0.65 allows malicious repositories to exfiltrate Anthropic API keys before users confirm trust. When opening a repository with a specially crafted s...

CVE-2025-59536

HIGH CVSS 8.8 Oct 3, 2025

Claude Code versions before 1.0.111 contain a code injection vulnerability that allows arbitrary code execution when users start the application in untrusted directories. The vulnerability bypasses th...

CVE-2025-55284

HIGH CVSS 7.5 Aug 16, 2025

CVE-2025-55284 allows attackers to bypass Claude Code's confirmation prompts to read local files and exfiltrate their contents over the network without user consent. This occurs due to an overly permi...

CVE-2026-25723

MEDIUM CVSS 6.5 Feb 6, 2026

CVE-2026-25723 is an input validation vulnerability in Claude Code that allows attackers to bypass file write restrictions using piped sed operations with echo commands. This enables writing to sensit...

CVE-2026-24053

MEDIUM CVSS 6.5 Feb 3, 2026

CVE-2026-24053 is a path traversal vulnerability in Claude Code that allows attackers to bypass directory restrictions and write files outside the current working directory. This affects users running...