How to fix CVE-2026-39861?

Within 24 hours: Verify Claude Code deployment version across development teams and identify any instances running versions prior to 2.1.64. Within 7 days: Deploy Claude Code version 2.1.64 or later to all affected systems via standard update channels; confirm successful deployment on 100% of endpoints. Within 30 days: Conduct threat assessment to identify whether any instances processed suspicious prompts during the vulnerability window; review file modification logs on development systems for unauthorized symlink-based writes outside workspace directories.

Is Claude Code affected by CVE-2026-39861?

Claude Code versions prior to 2.1.64 contain a sandbox escape vulnerability enabling arbitrary file writes and potential code execution through symlink exploitation combined with prompt injection.

CVE-2026-39861

EUVD-2026-24033 HIGH

2026-04-21 GitHub_M

Path Traversal RCE Claude Code

7.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

patch_available

Apr 21, 2026 - 02:01 EUVD

Analysis Generated

Apr 21, 2026 - 01:23 vuln.today

CVSS Changed

Apr 21, 2026 - 01:22 NVD

7.7 (HIGH)

DescriptionNVD

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination could write to arbitrary locations, potentially leading to code execution outside the sandbox. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window to trigger sandboxed code execution via prompt injection. Users on standard Claude Code auto-update have received this fix automatically. Users performing manual updates are advised to update to version 2.1.64 or later.

AnalysisAI

Sandbox escape in Claude Code (agentic coding tool) versions prior to 2.1.64 enables arbitrary file writes outside the workspace via symlink exploitation, potentially achieving code execution. The vulnerability chains symlink creation in the sandbox with unsandboxed file-write operations, bypassing user confirmation prompts. …

RemediationAI

Within 24 hours: Verify Claude Code deployment version across development teams and identify any instances running versions prior to 2.1.64. Within 7 days: Deploy Claude Code version 2.1.64 or later to all affected systems via standard update channels; confirm successful deployment on 100% of endpoints. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-39861 vulnerability details – vuln.today

Back

CVE-2026-39861

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

CVE-2026-39861

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code