Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%
Buy Us a Coffee

claude-code — Vulnerabilities & Security Advisories 27

All 27 CVE vulnerabilities found in claude-code, with AI-generated Chinese analysis, references, and POCs.

This page catalogs Common Weakness Enumeration entries associated with the claude-code product developed by Anthropic. It aggregates security vulnerabilities identified within the Claude Code terminal-based coding assistant, a tool that leverages large language models to assist developers with software engineering tasks. The data presented covers weaknesses reported between January 2024 and the present, reflecting the evolving threat landscape as the product has transitioned from beta to general availability. Users can utilize this resource to track vendor advisories related to Anthropic’s code execution environment, understand specific weakness classes such as injection flaws or information disclosure that may arise from AI-driven code generation, and review the vulnerability history of this specific development tool. The collection focuses on distinct security flaws that impact the integrity, confidentiality, or availability of the system when interacting with local repositories or executing shell commands. By centralizing these records, the page aims to provide transparency into the security posture of the application without attributing blame or offering speculative analysis. This structured approach allows security professionals to assess risk factors, compare findings against similar AI-assisted development tools, and verify patch status across different versions of the software. The content is strictly informational, derived from public disclosures and verified reports, ensuring that the historical record remains accurate and accessible for compliance and auditing purposes.

Vendor: anthropics

CVE IDTitleCVSSSeverityPublished
CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch CWE-183--2026-06-23
CVE-2026-44470 Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService CWE-59--2026-05-13
CVE-2026-44467 Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions CWE-297--2026-05-13
CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass CWE-20 7.0 -2026-05-05
CVE-2026-39861 Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace CWE-22 8.8AIHighAI2026-04-21
CVE-2026-35603 Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows CWE-426 7.3AIHighAI2026-04-17
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File CWE-807 8.8 -2026-03-20
CVE-2026-25725 Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json CWE-501 8.4AIHighAI2026-02-06
CVE-2026-25724 Claude Code Has Permission Deny Bypass Through Symbolic Links CWE-61 6.5AIMediumAI2026-02-06
CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions CWE-20 9.4AICriticalAI2026-02-06
CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection CWE-20 7.5AIHighAI2026-02-06
CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt CWE-78 8.3AIHighAI2026-02-03
CVE-2026-24053 Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes CWE-22 6.5AIMediumAI2026-02-03
CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains CWE-601 7.5AIHighAI2026-02-03
CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation CWE-522 6.5AIMediumAI2026-01-21
CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution CWE-77 8.4AIHighAI2025-12-03
CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes CWE-78 6.2 -2025-11-21
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog CWE-94 8.8AIHighAI2025-11-19
CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink CWE-61 4.3AIMediumAI2025-10-03
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack CWE-94 8.8AIHighAI2025-10-03
CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions CWE-829 9.1AICriticalAI2025-09-24
CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email CWE-94 8.8AIHighAI2025-09-10
CVE-2025-58764 Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution CWE-94 8.8AIHighAI2025-09-10
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code CWE-78 9.4AICriticalAI2025-08-16
CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access CWE-22 9.1AICriticalAI2025-08-05
CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution CWE-78 8.3AIHighAI2025-08-05
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins CWE-1385 7.1AIHighAI2025-06-24

All 27 known CVE vulnerabilities affecting claude-code with full Chinese analysis, references, and POCs where available.