PT-2026-6764 · Anthropic · Claude-Code

Nil221 · Published 2026-02-06 · Updated 2026-04-30 · CVE-2026-25723

CVSS v4.0: 7.7 High

Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Claude Code versions prior to 2.0.55

Description

Claude Code, an agentic coding tool, exhibited a flaw in command validation. Specifically, the software did not adequately validate commands utilizing piped sed operations with the echo command. This allowed attackers to circumvent file write restrictions, potentially enabling them to write to sensitive directories such as the .claude folder and locations outside the intended project scope. Successful exploitation required the ability to execute commands through Claude Code with the "accept edits" feature enabled.

Recommendations

Update to version 2.0.55 or later.

Exploit

Fix

OS Command Injection

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-25723
GHSA-MHG7-666J-CQG4

Affected Products

Claude-Code