RCE in Anthropics Claude-code-action

CVE-2026-47751

Claude Code Action is a general-purpose GitHub action that runs Claude Code on GitHub pull requests and issues. Prior to 1.0.74, because the action checked out attacker-controlled pull request head branches, read .mcp.json from the working…

Vulnerability class: Command Injection (OS Command Injection)

Affected products

Weakness classification (CWE)

References