CNNVD-202602-903 Information

CNNVD ID

CNNVD-202602-903

Related CVE

CVE-2026-25724

• CNNVD Published: 2026-02-06

Description (Chinese)

Claude Code是Anthropic开源的一个终端原生AI编程工具。 Claude Code 2.1.7之前版本存在授权问题漏洞，该漏洞源于通过符号链接访问文件时未能严格执行settings.json中配置的拒绝规则，可能导致读取受限制的文件。

Description (English)

Claude Code is a terminal primary AI programming tool from Anthropic open source. The previous version of Claude Code 2.1.7 had a mandate gap, which stemmed from the failure to strictly enforce the rejection rules configured in settings.json when accessing documents through a symbol link, which could lead to access to restricted documents.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

Anthropic

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx https://access.redhat.com/security/cve/cve-2026-25724

Patch

https://github.com/anthropics/claude-code/tags