CVE-2026-25722
CRITICAL
GHSA-66q4-vfjg-2qhh
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
3Description
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57.
Analysis
Claude Code prior to version 2.0.57 failed to properly validate MCP tool inputs, allowing malicious MCP servers to inject commands through tool responses.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Claude Code deployments and document current versions in use; disable Claude Code in production environments where feasible. Within 7 days: Implement network segmentation to restrict Claude Code instances from accessing sensitive folders and implement enhanced logging/monitoring of file system activities. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today