CVE-2026-25724
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-06

Last updated on: 2026-03-27

Assigner: GitHub, Inc.

Description
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25724
EUVD
EUVD-2026-5614
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anthropic claude_code to 2.1.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25724 is a low-severity vulnerability in the Claude Code tool prior to version 2.1.7. The issue occurs because Claude Code does not properly enforce deny rules configured in settings.json when accessing files through symbolic links.

Specifically, if a user denies Claude Code access to a file (for example, /etc/passwd), but Claude Code has access to a symbolic link pointing to that file, it can bypass the deny rule and read the restricted file via the symlink.

This vulnerability relates to improper handling of symbolic links (CWE-61) and improper authorization (CWE-285), meaning the software fails to correctly check permissions when following symlinks.

Impact Analysis

This vulnerability can allow unauthorized reading of files that a user has explicitly denied Claude Code access to, by exploiting symbolic links.

The impact is considered low severity with limited confidentiality, integrity, and availability loss. No privileges or user interaction are required to exploit it, and it can be triggered remotely over the network.

There is no indication of further system compromise or significant damage beyond unauthorized file reading.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves Claude Code versions prior to 2.1.7 improperly enforcing deny rules on files accessed via symbolic links. Detection involves identifying if your system is running a vulnerable version of Claude Code and checking for unauthorized access attempts through symbolic links.

  • Check the installed version of Claude Code to verify if it is older than 2.1.7.
  • Use commands to find symbolic links pointing to sensitive files, for example: `find / -type l -ls | grep passwd` to locate symlinks to /etc/passwd.
  • Monitor logs or audit file accesses to sensitive files via symlinks, if logging is enabled.
  • Check for unusual read operations on restricted files through symlinks by Claude Code processes.
Mitigation Strategies

The primary mitigation step is to upgrade Claude Code to version 2.1.7 or later, where this vulnerability has been patched.

If automatic updates are not enabled, manually update the package to ensure deny rules are properly enforced.

As a temporary measure, restrict or monitor access to symbolic links pointing to sensitive files to prevent unauthorized reads.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25724. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart