CNNVD-202602-977 Information
CNNVD ID
CNNVD-202602-977
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Claude Code是Anthropic开源的一个终端原生AI编程工具。 Claude Code 2.1.2之前版本存在安全漏洞,该漏洞源于bubblewrap沙盒机制在启动时若.claude/settings.json文件不存在则未能妥善保护该文件,可能导致恶意代码创建该文件并注入持久化钩子。
Description (English)
Claude Code is a terminal primary AI programming tool from Anthropic open source. The previous version of Claude Code 2.1.2 had a security loophole, which stemmed from the failure of the Bubblewrap sandbox mechanism to properly protect the document if the.claude/settings.json file did not exist at the time of its launch, which could lead to the creation of the file by malicious code and the injection of persistent hooks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Anthropic
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf
Patch
https://github.com/anthropics/claude-code/tags
Share on: