CVE-2026-25722

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.57

Description Claude Code, an agentic coding tool, did not properly validate directory changes when combined with write operations to protected folders. Utilizing the cd command to navigate into sensitive directories, such as .claude, allowed bypassing write protection, enabling the creation or modification of files without user confirmation. Successful exploitation required the ability to inject untrusted content into a Claude Code context window.

Recommendations Update to version 2.0.57 or later.