High severityOSV Advisory· Published Feb 3, 2026· Updated Feb 3, 2026
Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
CVE-2026-24053
Description
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.74.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@anthropic-ai/claude-codenpm | < 2.0.74 | 2.0.74 |
Affected products
1- Range: v2.0.73
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-q728-gf8j-w49rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-24053ghsaADVISORY
- github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49rghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.