{"data":{"id":"58391471-c887-443a-8720-baf130d382fe","title":"CVE-2026-25723: Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p","summary":"Claude Code (an AI tool that can write and run code automatically) had a security flaw before version 2.0.55 where it didn't properly check certain commands, allowing attackers to write files to protected folders they shouldn't be able to access, as long as they could get Claude Code to run commands with the \"accept edits\" feature turned on.","solution":"This issue has been patched in version 2.0.55.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-25723","publishedAt":"2026-02-06T18:15:59.237Z","cveId":"CVE-2026-25723","cweIds":["CWE-20","CWE-78"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00124,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}