CVE-2026-25722 · PATCHED
CVSS 9.1
anthropic · claude_code


Description

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57.

Affected Products

Vendor     Product      Versions
anthropic  claude_code  < 2.0.57

References

  • https://github.com/anthropics/claude-code/security/advisories/GHSA-66q4-vfjg-2qhh (Vendor Advisory)

CVSS 3.1: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 2.0.57
CWE: CWE-20, CWE-78
Published: Feb 6, 2026

Related CVEs (5)

NONE · CVE-2026-22561
CVE-2026-22561: Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336
Trending: 20
HIGH · CVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application u
MEDIUM · CVE-2026-25723
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file wri
HIGH · CVE-2026-33068
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to dis
HIGH · CVE-2026-21852
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before u

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Feb 6, 2026
Patch Available: Feb 9, 2026
Discovered by ZDM: Mar 26, 2026