Open Redirect in Anthropics Claude-code
CVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate…
Vulnerability class: Open Redirect
EPSS: 0.000 (3.1th percentile)
Affected products
- Anthropics Claude-code — versions < 1.0.111
Weakness classification (CWE)
References
- https://github.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf (x_refsource_CONFIRM)