Auth bypass in Anthropics Claude-code
CVE-2026-25724
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a f…
EPSS: 0.001 (17.5th percentile)
Affected products
- Anthropics Claude-code — versions < 2.1.7
Weakness classification (CWE)
References
- https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx (x_refsource_CONFIRM)