CVE-2026-25723
BaseFortify
Publication date: 2026-02-06
Last updated on: 2026-02-09
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | up to 2.0.55 (2.0.55 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2026-25723 is a high-severity command injection vulnerability in the Claude Code tool prior to version 2.0.55. The issue arises because Claude Code fails to properly validate commands that use piped sed operations combined with the echo command. This improper validation allows attackers to bypass file write restrictions.

As a result, attackers can write files to sensitive directories such as the .claude folder and other paths outside the intended project scope. Exploiting this vulnerability requires the attacker to have the ability to execute commands through Claude Code with the "accept edits" feature enabled. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for command execution patterns that include piped sed operations combined with the echo command within Claude Code, especially when the "accept edits" feature is enabled.

Since the vulnerability allows attackers to bypass file write restrictions and write to sensitive directories like the .claude folder, checking for unexpected file writes or modifications in these directories can help detect exploitation attempts.

Network-based detection can include monitoring for unusual command execution requests sent to Claude Code, particularly those that involve shell commands with echo and sed pipes.

Specific commands to detect suspicious activity might include:

- Using file system monitoring tools (e.g., inotifywait on Linux) to watch for unexpected writes in the .claude directory.
- Searching logs or command histories for patterns like `echo ... | sed ...` executed by Claude Code processes.
- Using network monitoring tools to detect unusual or unauthorized command execution requests targeting Claude Code. [1]
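An added detection check, written for this page and not taken from BaseFortify, Anthropic or the Claude Code project, that applies the log-search idea above: it scans constructed command-log lines for an echo-into-sed pipeline whose path argument lands in a .claude directory or outside the project root. The log line format, the `claude-code` process name, the project root and the home directory are all assumptions.

```python
import shlex
from pathlib import PurePosixPath

# Constructed sample command-log lines (not from the original page). The line
# format "<timestamp> <process> <command>" is an assumption for this example.
SAMPLE_LOG = """\
2026-02-07T10:01:02Z claude-code echo "fix typo" | sed 's/typo/fix/' > ./notes/todo.txt
2026-02-07T10:01:09Z claude-code git status
2026-02-07T10:02:15Z claude-code echo "x" | sed -i 's/a/b/' /home/dev/.claude/settings.json
2026-02-07T10:03:40Z bash echo "y" | sed 's/y/z/' > /tmp/out.txt
2026-02-07T10:04:02Z claude-code echo "z" | sed 's/z/Z/' >~/.claude/hooks.json
2026-02-07T10:05:11Z claude-code echo "w" | sed 's/w/W/' > /tmp/scratch.txt
2026-02-07T10:06:30Z claude-code echo "r" | sed 's/r/R/' > /home/dev/project/README.md
"""

def _echo_piped_to_sed(tokens):
    """True if some pipeline stage containing 'echo' is piped directly into 'sed'."""
    for i, tok in enumerate(tokens):
        if tok == "|" and i + 1 < len(tokens) and tokens[i + 1] == "sed":
            if "echo" in tokens[:i]:
                return True
    return False

def _path_tokens(tokens):
    """Yield tokens that look like path arguments (redirect prefixes stripped)."""
    for tok in tokens:
        tok = tok.lstrip("<>")
        if tok.startswith(("/", "~/", "./", "../")):
            yield tok

def find_suspicious_commands(log_text, project_root="/home/dev/project", home="/home/dev"):
    """Flag claude-code commands that pipe echo into sed and reference a .claude
    directory or an absolute path outside project_root. Returns [(line_no, reason)]."""
    root = PurePosixPath(project_root)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(" ", 2)
        if len(parts) < 3 or parts[1] != "claude-code":
            continue  # only commands issued by the Claude Code process are of interest
        try:
            tokens = shlex.split(parts[2])  # shell-style split keeps sed scripts as one token
        except ValueError:
            hits.append((n, "unparseable command (unbalanced quotes)"))
            continue
        if not _echo_piped_to_sed(tokens):
            continue
        for tok in _path_tokens(tokens):
            p = PurePosixPath(tok.replace("~", home, 1) if tok.startswith("~") else tok)
            if ".claude" in p.parts:
                hits.append((n, f"echo|sed pipeline touching .claude: {tok}"))
                break
            if p.is_absolute() and root not in p.parents:
                hits.append((n, f"echo|sed pipeline touching path outside project: {tok}"))
                break
    return hits
```

Relative paths are treated as inside the project, so a match on them is deliberately not reported; adjust `project_root` and `home` to the host being checked.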
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to upgrade Claude Code to version 2.0.55 or later, where this vulnerability has been patched.

If automatic updates are not enabled, users should manually update the npm package @anthropic-ai/claude-code to the fixed version.

Additionally, consider disabling the "accept edits" feature until the update is applied, as exploitation requires this feature to be enabled.

Monitoring and restricting command execution permissions within Claude Code can also reduce risk. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing unauthorized attackers to write files to sensitive directories and locations outside the project scope, potentially leading to unauthorized data disclosure, modification, or disruption of service.
The vulnerability affects the confidentiality, integrity, and availability of the affected system at a high level. Because the attack vector is network-based and requires no privileges, it can be exploited remotely with low complexity.