RCE in Anthropics Claude-code
CVE-2026-55607
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Anthropics Claude-code — versions >= 2.1.38, < 2.1.163
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)