CVE-2026-24053
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-06
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | up to 2.0.74 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24053 is a high-severity vulnerability in the Claude Code tool prior to version 2.0.74. It stems from a Bash command validation flaw related to parsing ZSH clobber syntax. This flaw allows an attacker to bypass directory restrictions and write files outside the current working directory without user permission prompts.
To exploit this vulnerability, the user must be running the ZSH shell and be able to inject untrusted content into a Claude Code context window. The vulnerability involves improper input validation, path traversal, and OS command injection weaknesses.
How can this vulnerability impact me?
This vulnerability can have a high impact on system confidentiality, integrity, and availability. An attacker exploiting it can write arbitrary files outside the intended directories without user permission, potentially leading to unauthorized data modification, data leakage, or disruption of system operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the affected version of Claude Code (prior to v2.0.74) is running on your system, especially if users are using the ZSH shell and have the ability to inject untrusted content into Claude Code context windows.
You can check the installed version of Claude Code by running commands such as:
- `npm list @anthropic-ai/claude-code`
- `npm ls @anthropic-ai/claude-code`
Additionally, verify if users are running ZSH by checking their shell environment with:
- `echo $SHELL`
Monitoring for unusual file writes outside expected directories or unexpected file creation events could also indicate exploitation attempts, but no specific detection commands are provided in the available resources.
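The two checks above can be combined into one script. The following is an added example, not a tool from this record or from Anthropic: it compares the globally installed package version against the fixed version named on this page (2.0.74) with a numeric major.minor.patch comparison, so that a version such as 2.0.9 is correctly reported as older than 2.0.74, and reports whether the login shell is zsh. The package name and fixed version are taken from the page; the global (`-g`) npm lookup and the stripping of pre-release suffixes are assumptions.

```shell
#!/bin/sh
# Added example: report whether an installed Claude Code falls in the affected
# range (below 2.0.74, per this record) and whether the login shell is zsh.
# The global npm install location is an assumption; adjust if installed locally.

FIXED_VERSION="2.0.74"

# version_lt A B: exit 0 if version A is strictly less than version B.
# Compares major.minor.patch numerically; pre-release/build suffixes are
# stripped first (assumption: they do not matter for this range check).
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[-+].*//')
    b=$(printf '%s' "$2" | sed 's/[-+].*//')
    i=1
    while [ "$i" -le 3 ]; do
        # -s suppresses lines without a delimiter, so "2" yields an empty field
        ai=$(printf '%s' "$a" | cut -s -d. -f"$i")
        bi=$(printf '%s' "$b" | cut -s -d. -f"$i")
        ai=${ai:-0}
        bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # versions are equal
}

# is_affected VERSION: exit 0 if VERSION is in the range "up to 2.0.74 (exclusive)".
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_version: print the globally installed package version, or "none".
installed_version() {
    v=$(npm ls -g @anthropic-ai/claude-code --depth=0 2>/dev/null \
        | sed -n 's/.*@anthropic-ai\/claude-code@\([0-9][^ ]*\).*/\1/p' | head -n 1)
    printf '%s\n' "${v:-none}"
}

# report: print a verdict for the installed version and the login shell.
report() {
    ver=$(installed_version)
    shell_name=$(basename "${SHELL:-unknown}")
    if [ "$ver" = "none" ]; then
        printf 'claude-code: not found in global npm packages\n'
    elif is_affected "$ver"; then
        printf 'claude-code %s: AFFECTED (upgrade to %s or later)\n' "$ver" "$FIXED_VERSION"
    else
        printf 'claude-code %s: not affected\n' "$ver"
    fi
    printf 'login shell: %s\n' "$shell_name"
    if [ "$shell_name" = "zsh" ]; then
        printf 'note: zsh is the shell precondition named for this issue\n'
    fi
    return 0
}

report
```

Run it as the user whose installation is being checked; the shell check reads `$SHELL` of that user only, so it must be repeated per account on shared systems.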
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows attackers to write arbitrary files outside the intended directories without user permission prompts, potentially compromising system confidentiality, integrity, and availability.
Such unauthorized file writes and potential data compromise could lead to violations of compliance requirements in standards and regulations like GDPR and HIPAA, which mandate strict controls over data confidentiality and integrity.
Therefore, if exploited, this vulnerability could negatively impact an organization's ability to maintain compliance with these regulations. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Claude Code to version 2.0.74 or later, where the vulnerability has been patched.
If you are managing systems with manual updates, ensure that you perform the update as soon as possible.
Users with standard auto-update enabled should already have received the fix.
Additionally, limit the ability to inject untrusted content into Claude Code context windows and consider restricting the use of the zsh shell, if possible, until the update is applied.