anthropics — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting anthropics. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39861 | Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace — claude-code, CWE-22 | 8.8 AI | High AI | 2026-04-21 |
| CVE-2026-35603 | Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows — claude-code, CWE-426 | 7.3 AI | High AI | 2026-04-17 |
| CVE-2026-34451 | Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories — anthropic-sdk-typescript, CWE-22 | 8.1 | - | 2026-03-31 |
| CVE-2026-34450 | Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool — anthropic-sdk-python, CWE-276 | 4.4 | - | 2026-03-31 |
| CVE-2026-34452 | Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape — anthropic-sdk-python, CWE-59 | 8.4 | - | 2026-03-31 |
| CVE-2026-33068 | Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File — claude-code, CWE-807 | 8.8 | - | 2026-03-20 |
| CVE-2026-25725 | Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json — claude-code, CWE-501 | 8.4 AI | High AI | 2026-02-06 |
| CVE-2026-25724 | Claude Code Has Permission Deny Bypass Through Symbolic Links — claude-code, CWE-61 | 6.5 AI | Medium AI | 2026-02-06 |
| CVE-2026-25723 | Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions — claude-code, CWE-20 | 9.4 AI | Critical AI | 2026-02-06 |
| CVE-2026-25722 | Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection — claude-code, CWE-20 | 7.5 AI | High AI | 2026-02-06 |
| CVE-2026-24887 | Claude Code has a Command Injection in find Command Bypasses User Approval Prompt — claude-code, CWE-78 | 8.3 AI | High AI | 2026-02-03 |
| CVE-2026-24053 | Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes — claude-code, CWE-22 | 6.5 AI | Medium AI | 2026-02-03 |
| CVE-2026-24052 | Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains — claude-code, CWE-601 | 7.5 AI | High AI | 2026-02-03 |
| CVE-2026-21852 | Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation — claude-code, CWE-522 | 6.5 AI | Medium AI | 2026-01-21 |
| CVE-2025-66032 | Claude Code Command Validation Bypass Allows Arbitrary Code Execution — claude-code, CWE-77 | 8.4 AI | High AI | 2025-12-03 |
| CVE-2025-64755 | @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes — claude-code, CWE-78 | 6.2 | - | 2025-11-21 |
| CVE-2025-65099 | Claude Code vulnerable to command execution prior to startup trust dialog — claude-code, CWE-94 | 8.8 AI | High AI | 2025-11-19 |
| CVE-2025-59829 | Claude Code: Permission deny bypass is possible through symlink — claude-code, CWE-61 | 4.3 AI | Medium AI | 2025-10-03 |
| CVE-2025-59536 | Claude Code's startup trust dialog could lead to Command Execution attack — claude-code, CWE-94 | 8.8 AI | High AI | 2025-10-03 |
| CVE-2025-59828 | Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions — claude-code, CWE-829 | 9.1 AI | Critical AI | 2025-09-24 |
| CVE-2025-59041 | Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email — claude-code, CWE-94 | 8.8 AI | High AI | 2025-09-10 |
| CVE-2025-58764 | Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution — claude-code, CWE-94 | 8.8 AI | High AI | 2025-09-10 |
| CVE-2025-55284 | Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code — claude-code, CWE-78 | 9.4 AI | Critical AI | 2025-08-16 |
| CVE-2025-54794 | Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access — claude-code, CWE-22 | 9.1 AI | Critical AI | 2025-08-05 |
| CVE-2025-54795 | Claude Code echo command allowed bypass of user approval prompt for command execution — claude-code, CWE-78 | 8.3 AI | High AI | 2025-08-05 |
| CVE-2025-52882 | Claude Code IDE extensions allow websocket connections from arbitrary origins — claude-code, CWE-1385 | 7.1 AI | High AI | 2025-06-24 |

This page lists every published CVE security advisory associated with anthropics. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.