Vinai

**Name of the Vulnerable Software and Affected Versions** Claude Code versions prior to 1.0.120 **Description** An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had access to a symlink pointing to that file, Claude Code could still access the restricted file. This occurred because the system failed to account for symlinks when evaluating permission restrictions. **Recommendations** Update to version 1.0.120 or later.