CVE-2026-25722
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-06

Last updated on: 2026-02-09

Assigner: GitHub, Inc.

Description
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25722
EUVD
EUVD-2026-5636
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_code to 2.0.57 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25722 is a high-severity vulnerability in the Claude Code tool prior to version 2.0.57. The issue occurs because the software fails to properly validate directory changes when combined with write operations to protected folders.

Specifically, an attacker could use the cd command to navigate into sensitive directories like .claude and bypass write protection, allowing them to create or modify files without user confirmation.

Exploitation requires the ability to inject untrusted content into a Claude Code context window. This vulnerability involves improper input validation and improper neutralization of special elements used in OS commands.

Impact Analysis

Successful exploitation of this vulnerability can impact the confidentiality, integrity, and availability of the affected system at a high level.

  • Confidentiality: Unauthorized creation or modification of files in protected directories can expose sensitive data.
  • Integrity: Attackers can alter files without user confirmation, potentially injecting malicious code or corrupting data.
  • Availability: Malicious modifications could disrupt normal operations or cause system instability.

The vulnerability has a network attack vector, low attack complexity, requires no privileges, and only passive user interaction, making it relatively easy to exploit if the attacker can inject untrusted content.

Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability involves identifying attempts to use the `cd` command within Claude Code to navigate into protected directories such as `.claude` and perform write operations without user confirmation.

Since exploitation requires injecting untrusted content into a Claude Code context window, monitoring logs or command histories for unusual directory changes or write attempts to protected folders may help detect exploitation attempts.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade Claude Code to version 2.0.57 or later, where the vulnerability has been patched.

Users who rely on manual updates should promptly apply this update to prevent exploitation.

Additionally, avoid injecting untrusted content into Claude Code context windows to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25722. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart