CVE-2026-25722
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
EPSS: 0.19%
Published: 2/6/2026
Modified: 2/6/2026
Also known as: GHSA-66q4-vfjg-2qhh
Description
Claude Code failed to properly validate directory changes when they were combined with write operations to protected folders. By using the `cd` command to navigate into a sensitive directory such as `.claude`, it was possible to bypass write protection and create or modify files there without user confirmation, because the protection was evaluated against the path as written rather than against the directory the command would actually be running in. Reliably exploiting this required the ability to place untrusted content into a Claude Code context window (for example, via a file, web page, or tool output the agent reads), so the practical attack is a prompt injection that steers the agent into issuing such a command. Users on standard Claude Code auto-update received the fix automatically. Users performing manual updates are advised to update to the latest version. Claude Code thanks hackerone.com/nil221 for reporting this issue!
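The bug class described above, shown as an added illustration that is not Claude Code's own code or Anthropic's fix: a naive write-protection gate that resolves every path argument against the project root (and therefore never notices a preceding `cd`), beside a hardened gate that tracks the effective working directory through each `cd` segment and resolves write targets against it. The project root, the protected-directory list, the set of "writing" commands, the simplified command splitter, and the fail-closed handling of unresolvable `cd` arguments are all assumptions made for this example; the page does not show how the real permission system is implemented.

```typescript
import * as path from "node:path";

// Directories under the project root whose contents must not be written
// without user confirmation. Hypothetical list for this example.
const PROTECTED_DIRS: readonly string[] = [".claude"];

// Commands whose positional arguments name files or directories that get
// created or modified. Deliberately small; over-approximates (cp source
// counts too), which is the safe direction for a confirmation gate.
const WRITING_COMMANDS = new Set(["touch", "mkdir", "tee", "cp", "mv"]);

/** Split a command line into simple commands on `&&`, `||` and `;`.
 *  Constructed simplification: no quoting, subshells or `eval` support. */
function splitCommands(cmdline: string): string[][] {
  return cmdline
    .split(/\s*(?:&&|\|\||;)\s*/)
    .filter((s) => s.length > 0)
    .map((s) => s.split(/\s+/));
}

/** Paths a simple command writes to: `>`/`>>` redirection targets plus the
 *  positional (non-flag) arguments of the writing commands above. */
function writeTargets(argv: string[]): string[] {
  const targets: string[] = [];
  for (let i = 0; i < argv.length; i++) {
    const tok = argv[i] ?? "";
    if ((tok === ">" || tok === ">>") && i + 1 < argv.length) {
      targets.push(argv[i + 1] ?? ""); // "echo x > file"
      i++;
    } else if (tok.startsWith(">") && tok.length > 1) {
      targets.push(tok.replace(/^>+/, "")); // "echo x >file" / ">>file"
    }
  }
  const cmd = argv[0] ?? "";
  if (WRITING_COMMANDS.has(cmd)) {
    targets.push(...argv.slice(1).filter((a) => !a.startsWith("-")));
  }
  return targets;
}

/** True when the absolute path `resolved` lies inside a protected directory. */
function isProtected(resolved: string, projectRoot: string): boolean {
  return PROTECTED_DIRS.some((d) => {
    const dir = path.resolve(projectRoot, d);
    return resolved === dir || resolved.startsWith(dir + path.sep);
  });
}

/** VULNERABLE pattern: every path is resolved against the project root, so a
 *  `cd` segment is ignored and a later relative write escapes the check. */
function naiveNeedsConfirmation(cmdline: string, projectRoot: string): boolean {
  for (const argv of splitCommands(cmdline)) {
    for (const t of writeTargets(argv)) {
      if (isProtected(path.resolve(projectRoot, t), projectRoot)) return true;
    }
  }
  return false;
}

/** HARDENED pattern: carry the effective working directory through each `cd`
 *  and resolve every write target against it. A `cd` whose destination cannot
 *  be determined statically (no argument, `-`, `~`, `$VAR`) is treated as
 *  unknown and forces confirmation instead of being silently allowed. */
function hardenedNeedsConfirmation(cmdline: string, projectRoot: string): boolean {
  let cwd = path.resolve(projectRoot);
  for (const argv of splitCommands(cmdline)) {
    if (argv[0] === "cd") {
      const dest = argv[1];
      if (dest === undefined || dest === "-" || dest.startsWith("~") || dest.includes("$")) {
        return true; // fail closed on an unresolvable working directory
      }
      cwd = path.resolve(cwd, dest);
      continue;
    }
    for (const t of writeTargets(argv)) {
      if (isProtected(path.resolve(cwd, t), projectRoot)) return true;
    }
  }
  return false;
}

// Constructed POSIX project root and the bypass shape from the advisory.
const ROOT = "/home/dev/project";
const BYPASS = "cd .claude && touch settings.json";
console.log("naive:   ", naiveNeedsConfirmation(BYPASS, ROOT));    // false: the bypass
console.log("hardened:", hardenedNeedsConfirmation(BYPASS, ROOT)); // true
```

The naive gate passes `cd .claude && touch settings.json` because the only path it ever sees is `settings.json` relative to the project root; the hardened gate follows the `cd` and sees `.claude/settings.json`. Treating an unresolvable `cd` as requiring confirmation is the fail-closed choice. Quoting, subshells, `eval`, environment expansion and symlinks are all outside this simplified splitter, which is why a real tool should ultimately gate on the file operation that actually happens (the resolved path at write time) rather than on a parse of the shell text alone.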
Affected packages (1)
- npm/@anthropic-ai/claude-code: affected range from 0, < 2.0.57 (all versions before 2.0.57)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |

Reading the vector: network-reachable (AV:N) with low attack complexity (AC:L) but with attack requirements present (AT:P, the untrusted content has to land in the context window), no privileges required (PR:N), passive user interaction (UI:P), and high confidentiality, integrity and availability impact on the vulnerable system (VC:H/VI:H/VA:H) with no impact on subsequent systems (SC:N/SI:N/SA:N). No numeric score is given by the source.