← Voltar para CVEs
CVE-2026-25723
MEDIUM6.5
Descricao
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.55.
Detalhes CVE
Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/6/2026
Ultima modificacao2/9/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
anthropic:claude_code
Fraquezas (CWE)
CWE-20CWE-78
Referencias
https://github.com/anthropics/claude-code/security/advisories/GHSA-mhg7-666j-cqg4(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.