CNNVD-202602-979 Information
Feb 06, 2026
cve
CNNVD ID
CNNVD-202602-979
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Claude Code是Anthropic开源的一个终端原生AI编程工具。 Claude Code 2.0.57之前版本存在操作系统命令注入漏洞,该漏洞源于未能正确验证目录更改与对受保护文件夹的写入操作结合的情况,可能导致绕过写入保护。
Description (English)
Claude Code is a terminal primary AI programming tool from Anthropic open source. The previous version of Claude Code 2.0.57 contained a loophole in the operating system command, which resulted from the failure to correctly verify that the directory changes were combined with the writing of protected folders and could lead to circumventing the writing protection.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Anthropic
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-66q4-vfjg-2qhh
Patch
https://github.com/anthropics/claude-code/tags
Share on: