VYPR

Claude Code

by Anthropic

CVEs (30)

  • CVE-2026-39861 · Critical · Apr 21, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed…

  • CVE-2025-52882 · High · Jun 24, 2025
    risk 0.57 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized WebSocket connections from an attacker when visiting…

  • CVE-2026-44470 · High · May 13, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real…

  • CVE-2026-40068 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted,…

  • CVE-2026-46406 · Moderate · Jun 29, 2026
    risk 0.44 · cvss 6.8 · epss

    @anthropic-ai/claude-code: Claude Code: Information disclosure and file overwrite via insecure temporary file in /copy command

  • CVE-2026-44467 · Medium · May 13, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without…

  • CVE-2026-35603 · High · Apr 17, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData…

  • CVE-2026-54316 · Jun 17, 2026
    risk 0.00 · cvss · epss 0.00

    Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker…

  • CVE-2026-35022 · Apr 6, 2026
    risk 0.00 · cvss · epss 0.01

    Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making…

  • CVE-2026-35021 · Apr 6, 2026
    risk 0.00 · cvss · epss 0.00

    Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code.

  • CVE-2026-35020 · Apr 6, 2026
    risk 0.00 · cvss · epss 0.00

    Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and…

  • CVE-2026-33068 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set…

  • CVE-2026-25725 · Feb 6, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and…

  • CVE-2026-25724 · Feb 6, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude…

  • CVE-2026-25723 · Feb 6, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories…

  • CVE-2026-25722 · Feb 6, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to…

  • CVE-2026-24887 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.01

    Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to…

  • CVE-2026-24053 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting…

  • CVE-2026-24052 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org,…

  • CVE-2025-66032 · Dec 3, 2025
    risk 0.00 · cvss · epss 0.01

    Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability…
