CVE-2026-25722
BaseFortify
Publication date: 2026-02-06
Last updated on: 2026-02-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | to 2.0.57 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25722 is a high-severity vulnerability in the Claude Code tool prior to version 2.0.57. The issue occurs because the software fails to properly validate directory changes when combined with write operations to protected folders.
Specifically, an attacker could use the cd command to navigate into sensitive directories like .claude and bypass write protection, allowing them to create or modify files without user confirmation.
Exploitation requires the ability to inject untrusted content into a Claude Code context window. This vulnerability involves improper input validation and improper neutralization of special elements used in OS commands.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can impact the confidentiality, integrity, and availability of the affected system at a high level.
- Confidentiality: Unauthorized creation or modification of files in protected directories can expose sensitive data.
- Integrity: Attackers can alter files without user confirmation, potentially injecting malicious code or corrupting data.
- Availability: Malicious modifications could disrupt normal operations or cause system instability.
The vulnerability has a network attack vector, low attack complexity, requires no privileges, and only passive user interaction, making it relatively easy to exploit if the attacker can inject untrusted content.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying attempts to use the `cd` command within Claude Code to navigate into protected directories such as `.claude` and perform write operations without user confirmation.
Since exploitation requires injecting untrusted content into a Claude Code context window, monitoring logs or command histories for unusual directory changes or write attempts to protected folders may help detect exploitation attempts.
Specific commands to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Claude Code to version 2.0.57 or later, where the vulnerability has been patched.
Users who rely on manual updates should promptly apply this update to prevent exploitation.
Additionally, avoid injecting untrusted content into Claude Code context windows to reduce the risk of exploitation.