CNNVD-202602-978 Information
Feb 06, 2026
cve
CNNVD ID
CNNVD-202602-978
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Claude Code是Anthropic开源的一个终端原生AI编程工具。 Claude Code 2.0.55之前版本存在操作系统命令注入漏洞,该漏洞源于未能正确验证使用带echo命令的管道sed操作的命令,可能导致绕过文件写入限制。
Description (English)
Claude Code is a terminal primary AI programming tool from Anthropic open source. The previous version of Claude Code 2.0.55 had a bug in the operating system commands, which resulted from the failure to correctly verify the commands that operated with a conduit sed with an echo command, which could result in circumventing the document writing restriction.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Anthropic
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-mhg7-666j-cqg4
Patch
https://github.com/anthropics/claude-code/tags
Share on: