CVE-2026-35022
- EPSS 0.32%
- Published 06.04.2026 18:59:29
- Last modified 13.04.2026 20:16:34
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence auth...
CVE-2026-35021
- EPSS 0.03%
- Published 06.04.2026 18:59:06
- Last modified 13.04.2026 20:16:34
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell meta...
CVE-2026-35020
- EPSS 0.09%
- Published 06.04.2026 18:58:40
- Last modified 13.04.2026 20:16:34
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environme...
CVE-2026-33068
- EPSS 0.11%
- Published 20.03.2026 08:17:47
- Last modified 24.03.2026 15:46:36
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A ma...
- EPSS 0.02%
- Published 06.02.2026 18:16:00
- Last modified 09.02.2026 14:46:12
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was moun...
CVE-2026-25724
- EPSS 0.06%
- Published 06.02.2026 18:16:00
- Last modified 27.03.2026 22:16:20
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such a...
CVE-2026-25723
- EPSS 0.12%
- Published 06.02.2026 18:15:59
- Last modified 09.02.2026 14:50:15
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writin...
CVE-2026-25722
- EPSS 0.16%
- Published 06.02.2026 18:15:59
- Last modified 09.02.2026 14:51:42
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .c...
CVE-2026-24887
- EPSS 0.05%
- Published 03.02.2026 20:50:25
- Last modified 06.02.2026 20:19:47
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting...
CVE-2026-24053
- EPSS 0.02%
- Published 03.02.2026 20:49:59
- Last modified 06.02.2026 20:24:38
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user p...