
claude-code — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in claude-code, with AI-generated Chinese analysis, references, and POCs.

Vendor: anthropics

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39861 | Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace | CWE-22 | 8.8 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-35603 | Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows | CWE-426 | 7.3 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-33068 | Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File | CWE-807 | 8.8 | - | 2026-03-20 |
| CVE-2026-25725 | Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json | CWE-501 | 8.4 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-25724 | Claude Code Has Permission Deny Bypass Through Symbolic Links | CWE-61 | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-25723 | Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions | CWE-20 | 9.4 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2026-25722 | Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection | CWE-20 | 7.5 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-24887 | Claude Code has a Command Injection in find Command Bypasses User Approval Prompt | CWE-78 | 8.3 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-24053 | Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes | CWE-22 | 6.5 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-24052 | Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains | CWE-601 | 7.5 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-21852 | Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation | CWE-522 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-66032 | Claude Code Command Validation Bypass Allows Arbitrary Code Execution | CWE-77 | 8.4 (AI) | High (AI) | 2025-12-03 |
| CVE-2025-64755 | @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes | CWE-78 | 6.2 | - | 2025-11-21 |
| CVE-2025-65099 | Claude Code vulnerable to command execution prior to startup trust dialog | CWE-94 | 8.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-59829 | Claude Code: Permission deny bypass is possible through symlink | CWE-61 | 4.3 (AI) | Medium (AI) | 2025-10-03 |
| CVE-2025-59536 | Claude Code's startup trust dialog could lead to Command Execution attack | CWE-94 | 8.8 (AI) | High (AI) | 2025-10-03 |
| CVE-2025-59828 | Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions | CWE-829 | 9.1 (AI) | Critical (AI) | 2025-09-24 |
| CVE-2025-59041 | Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email | CWE-94 | 8.8 (AI) | High (AI) | 2025-09-10 |
| CVE-2025-58764 | Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution | CWE-94 | 8.8 (AI) | High (AI) | 2025-09-10 |
| CVE-2025-55284 | Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code | CWE-78 | 9.4 (AI) | Critical (AI) | 2025-08-16 |
| CVE-2025-54794 | Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access | CWE-22 | 9.1 (AI) | Critical (AI) | 2025-08-05 |
| CVE-2025-54795 | Claude Code echo command allowed bypass of user approval prompt for command execution | CWE-78 | 8.3 (AI) | High (AI) | 2025-08-05 |
| CVE-2025-52882 | Claude Code IDE extensions allow websocket connections from arbitrary origins | CWE-1385 | 7.1 (AI) | High (AI) | 2025-06-24 |
