CVE-2026-25723
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-06

Last updated on: 2026-02-09

Assigner: GitHub, Inc.

Description
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.55.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25723
EUVD
EUVD-2026-5637
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_code to 2.0.55 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Impact Analysis

This vulnerability can impact you by allowing unauthorized attackers to write files to sensitive directories and locations outside the project scope, potentially leading to unauthorized data disclosure, modification, or disruption of service.

The vulnerability affects the confidentiality, integrity, and availability of the affected system at a high level. Because the attack vector is network-based and requires no privileges, it can be exploited remotely with low complexity.

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-25723 is a high-severity command injection vulnerability in the Claude Code tool prior to version 2.0.55. The issue arises because Claude Code fails to properly validate commands that use piped sed operations combined with the echo command. This improper validation allows attackers to bypass file write restrictions.'}, {'type': 'paragraph', 'content': 'As a result, attackers can write files to sensitive directories such as the .claude folder and other paths outside the intended project scope. Exploiting this vulnerability requires the attacker to have the ability to execute commands through Claude Code with the "accept edits" feature enabled.'}] [1]

Detection Guidance

[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves monitoring for command execution patterns that include piped sed operations combined with the echo command within Claude Code, especially when the "accept edits" feature is enabled.'}, {'type': 'paragraph', 'content': 'Since the vulnerability allows attackers to bypass file write restrictions and write to sensitive directories like the .claude folder, checking for unexpected file writes or modifications in these directories can help detect exploitation attempts.'}, {'type': 'paragraph', 'content': 'Network-based detection can include monitoring for unusual command execution requests sent to Claude Code, particularly those that involve shell commands with echo and sed pipes.'}, {'type': 'paragraph', 'content': 'Specific commands to detect suspicious activity might include:'}, {'type': 'list_item', 'content': 'Using file system monitoring tools (e.g., inotifywait on Linux) to watch for unexpected writes in the .claude directory.'}, {'type': 'list_item', 'content': 'Searching logs or command histories for patterns like `echo ... | sed ...` executed by Claude Code processes.'}, {'type': 'list_item', 'content': 'Using network monitoring tools to detect unusual or unauthorized command execution requests targeting Claude Code.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary immediate mitigation step is to upgrade Claude Code to version 2.0.55 or later, where this vulnerability has been patched.'}, {'type': 'paragraph', 'content': 'If automatic updates are not enabled, users should manually update the npm package @anthropic-ai/claude-code to the fixed version.'}, {'type': 'paragraph', 'content': 'Additionally, consider disabling the "accept edits" feature until the update is applied, as exploitation requires this feature to be enabled.'}, {'type': 'paragraph', 'content': 'Monitoring and restricting command execution permissions within Claude Code can also reduce risk.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25723. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart