Anthropic Claude Code
26 CVEs affecting Anthropic Claude Code. Latest disclosed: 2026-05-13. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40068 | High | 8.8 | 2026-05-05 | In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An… |
| CVE-2026-44470 | High | 7.8 | 2026-05-13 | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMServic… |
| CVE-2026-44467 | Medium | 6.8 | 2026-05-13 | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Cla… |
| CVE-2026-39861 | | | 2026-04-21 | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to lo… |
| CVE-2026-35603 | | | 2026-04-17 | Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\Cla… |
| CVE-2026-33068 | | | 2026-03-20 | Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/setting… |
| CVE-2026-25725 | | | 2026-02-06 | Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.js… |
| CVE-2026-25724 | | | 2026-02-06 | Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing fil… |
| CVE-2026-25723 | | | 2026-02-06 | Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo comma… |
| CVE-2026-25722 | | | 2026-02-06 | Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations t… |
| CVE-2026-24887 | | | 2026-02-03 | Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prom… |
| CVE-2026-24053 | | | 2026-02-03 | Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass… |
| CVE-2026-24052 | | | 2026-02-03 | Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism… |
| CVE-2026-21852 | | | 2026-01-21 | Claude Code is an agentic coding tool. Prior to version 2.0.65, a vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate d… |
| CVE-2025-66032 | | | 2025-12-03 | Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass… |
| CVE-2025-64755 | | | 2025-11-21 | Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only val… |
| CVE-2025-65099 | | | 2025-11-19 | Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execut… |
| CVE-2025-59829 | | | 2025-10-03 | Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied C… |
| CVE-2025-59536 | | | 2025-10-03 | Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claud… |
| CVE-2025-59828 | | | 2025-09-24 | Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when… |