Anthropic Security Vulnerabilities (CVEs)
Track 16 security vulnerabilities affecting Anthropic products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2026-25724 is a symbolic link bypass vulnerability in Claude Code that allows reading files explicitly denied in settings.json. Attackers could ac...
Feb 6, 2026

This vulnerability allows malicious code running inside Claude Code's sandbox to create a missing settings.json file and inject persistent hooks that ...
Feb 6, 2026

CVE-2026-25722 is a directory traversal vulnerability in Claude Code that allows attackers to bypass write protection in sensitive directories like .c...
Feb 6, 2026

CVE-2026-25723 is an input validation vulnerability in Claude Code that allows attackers to bypass file write restrictions using piped sed operations ...
Feb 6, 2026

CVE-2026-24052 is a URL validation bypass vulnerability in Claude Code's trusted domain verification. Attackers could register malicious subdomains th...
Feb 3, 2026

CVE-2026-24053 is a path traversal vulnerability in Claude Code that allows attackers to bypass directory restrictions and write files outside the cur...
Feb 3, 2026

CVE-2026-24887 is a command injection vulnerability in Claude Code that allows bypassing confirmation prompts to execute arbitrary commands via the fi...
Feb 3, 2026

This vulnerability in Claude Code versions before 2.0.65 allows malicious repositories to exfiltrate Anthropic API keys before users confirm trust. Wh...
Jan 21, 2026

CVE-2025-66032 is a command injection vulnerability in Claude Code that allows bypassing read-only validation to execute arbitrary code. Attackers can...
Dec 3, 2025

CVE-2025-64755 is a critical vulnerability in Claude Code versions before 2.0.31 that allows attackers to bypass read-only validation and write arbitr...
Nov 21, 2025

CVE-2025-65099 is a critical code execution vulnerability in Claude Code where Yarn plugins could execute malicious code before user consent. This aff...
Nov 19, 2025

Claude Code versions before 1.0.111 contain a code injection vulnerability that allows arbitrary code execution when users start the application in un...
Oct 3, 2025

CVE-2025-59041 is a critical remote code execution vulnerability in Claude Code where malicious git user.email configuration could execute arbitrary c...
Sep 10, 2025

CVE-2025-58764 is a command injection vulnerability in Claude Code that allows bypassing the confirmation prompt to execute untrusted commands. This a...
Sep 10, 2025

CVE-2025-55284 allows attackers to bypass Claude Code's confirmation prompts to read local files and exfiltrate their contents over the network withou...
Aug 16, 2025

CVE-2025-54794 is a path traversal vulnerability in Claude Code versions below 0.2.111 that allows attackers to bypass directory restrictions and acce...
Aug 5, 2025

Why Monitor Anthropic Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 16+ known vulnerabilities affecting Anthropic products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Anthropic packages in under 60 seconds. No agents required - completely agentless scanning that works across Anthropic deployments.
Free vulnerability database: Access detailed information about every Anthropic CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Anthropic CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions