VYPR
Vendor: Anthropic
Products: 12
CVEs: 39
Across products: 45
Status: Private

Recent CVEs (39)
  • CVE-2026-39861 · Critical · Apr 21, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed…

  • CVE-2026-0757 · High · Jan 23, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability…

  • CVE-2025-52882 · High · Jun 24, 2025
    risk 0.57 · CVSS n/a · EPSS 0.00

    Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting…

  • CVE-2026-44470 · High · May 13, 2026
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real…

  • CVE-2026-22561 · High · Mar 31, 2026
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation,…

  • CVE-2026-40068 · High · May 5, 2026
    risk 0.50 · CVSS 8.8 · EPSS 0.00

    In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted,…

  • CVE-2026-55607 · Important · Jun 29, 2026
    risk 0.46 · CVSS 7.1 · EPSS n/a

    @anthropic-ai/claude-code (Claude Code): Arbitrary code execution through git directory confusion

  • CVE-2026-46406 · Moderate · Jun 29, 2026
    risk 0.44 · CVSS 6.8 · EPSS n/a

    @anthropic-ai/claude-code (Claude Code): Information disclosure and file overwrite via insecure temporary file in /copy command

  • CVE-2026-44467 · Medium · May 13, 2026
    risk 0.44 · CVSS 6.8 · EPSS 0.00

    The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without…

  • CVE-2026-35603 · High · Apr 17, 2026
    risk 0.40 · CVSS 7.3 · EPSS 0.00

    Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData…

  • CVE-2026-41686 · Medium · May 4, 2026
    risk 0.29 · CVSS 4.4 · EPSS 0.00

    Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the…

  • CVE-2026-34451 · Medium · Mar 31, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix…

  • CVE-2026-34452 · Medium · Mar 31, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory…

  • CVE-2026-34450 · Medium · Mar 31, 2026
    risk 0.22 · CVSS 4.4 · EPSS 0.00

    The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a…

  • CVE-2025-66479 · Low · Dec 4, 2025
    risk 0.05 · CVSS n/a · EPSS 0.00

    Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a…

  • CVE-2026-7574 · Jun 23, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at…

  • CVE-2026-54316 · Jun 17, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker…

  • CVE-2026-35022 · Apr 6, 2026
    risk 0.00 · CVSS n/a · EPSS 0.01

    Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making…

  • CVE-2026-35021 · Apr 6, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code.

  • CVE-2026-35020 · Apr 6, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and…
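Several entries above describe one family of local-filesystem confinement mistakes: a path check done as a string-prefix test (CVE-2026-34451), a check that does not account for symlinks resolving outside the sandboxed directory (CVE-2026-34452, and the sandbox symlink issue in CVE-2026-39861), and memory files created with a permissive mode (CVE-2026-34450, CVE-2026-41686). The Python below is an added illustration written for this listing, not code from the Anthropic SDKs or Claude Code; the function names, the temporary-directory layout and the probe paths are invented for the demo. It puts the weak prefix check beside a hardened one that resolves the path before comparing components, and shows the permission bits a file ends up with when created as 0o666 versus 0o600 under a 0o022 umask.

```python
"""Path confinement for a local-filesystem memory tool: weak vs. hardened checks.

Added illustration for this listing; not code from the Anthropic SDKs or Claude Code.
Function names and the temporary-directory layout are invented for the demo.
"""
import os
import shutil
import stat
import tempfile
from pathlib import Path


def naive_is_inside(root: str, candidate: str) -> bool:
    """Weak check: lexical normalisation plus a string-prefix test.

    It catches '..' but accepts a sibling such as '<root>_evil' (same string
    prefix, not a child) and anything reached through a symlink under root,
    because abspath() never touches the filesystem and so never follows links.
    """
    full = os.path.abspath(os.path.join(root, candidate))
    return full.startswith(os.path.abspath(root))


def confine(root: str, candidate: str) -> Path:
    """Hardened check: resolve symlinks and '..' first, then require the result
    to be root itself or a true descendant (component-wise, not a string prefix).
    Raises PermissionError on escape."""
    root_real = Path(root).resolve(strict=True)
    # An absolute candidate replaces root_real in the join; a relative one is appended.
    target = (root_real / candidate).resolve(strict=False)
    try:
        target.relative_to(root_real)
    except ValueError:
        raise PermissionError(f"{candidate!r} resolves to {target}, outside {root_real}") from None
    return target


def is_confined(root: str, candidate: str) -> bool:
    try:
        confine(root, candidate)
        return True
    except PermissionError:
        return False


def create_with_mode(path: Path, data: bytes, mode: int) -> int:
    """Create the file with `mode` at open() time (the kernel applies the umask)
    and return the resulting permission bits. Setting the mode at creation avoids
    the window a later chmod() would leave open."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def run_demo() -> dict:
    """Build a throwaway layout (constructed for the demo), probe both checks, return results."""
    root = tempfile.mkdtemp(prefix="memories-")
    sibling = root + "_evil"                 # shares root's string prefix, is not inside it
    outside = tempfile.mkdtemp(prefix="outside-")
    os.mkdir(sibling)
    results = {}
    try:
        os.symlink(outside, os.path.join(root, "link"))   # root/link -> outside
        probes = {
            "legit": "notes/today.md",
            "sibling": os.path.join(sibling, "secret.md"),
            "symlink": os.path.join("link", "secret.md"),
            "dotdot": os.path.join("..", os.path.basename(outside), "secret.md"),
        }
        for name, candidate in probes.items():
            results["naive_" + name] = naive_is_inside(root, candidate)
            results["hardened_" + name] = is_confined(root, candidate)

        old_umask = os.umask(0o022)          # a typical interactive umask
        try:
            results["mode_0o666"] = create_with_mode(Path(root, "world.md"), b"x", 0o666)
            results["mode_0o600"] = create_with_mode(Path(root, "private.md"), b"x", 0o600)
        finally:
            os.umask(old_umask)
    finally:
        for d in (root, sibling, outside):
            shutil.rmtree(d, ignore_errors=True)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:18} {value if isinstance(value, bool) else oct(value)}")
```

Run stand-alone it prints one line per probe: the naive check accepts the sibling directory and the symlinked path, the hardened check rejects both, and the 0o666 file comes out 0o644 (world-readable) while the 0o600 file stays owner-only. `Path.relative_to` is the component-wise containment test; `resolve()` is what defeats the symlink, and it must run before the comparison, not after.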