CVE-2026-24887
HIGH
GHSA-qgqw-h4xq-7w8w
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.72.
Analysis
Claude Code versions before 2.0.72 allow authenticated attackers to execute arbitrary commands by exploiting a command parsing defect that bypasses the execution confirmation prompt via malicious find command syntax. An attacker with the ability to inject untrusted content into a Claude Code context can trigger unintended command execution with high impact to confidentiality, integrity, and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of Claude Code in use and document version numbers; restrict Claude Code access to trusted networks only. Within 7 days: Contact Anthropic for patch availability timeline and interim guidance; implement code review processes for all Claude Code output. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today