{"data":{"id":"c8ecc626-723e-4714-8a34-8b9c17576908","title":"CVE-2026-55607: Claude Code is an agentic coding tool.  From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of w","summary":"Claude Code, a tool that uses AI to help write software, had a security flaw in versions 2.1.38 through 2.1.163 where it could be tricked into creating special folders named '.git' and accessing files outside its restricted sandbox (a controlled environment that limits what software can access). An attacker could exploit this by creating a malicious code repository and convincing a user to run Claude Code on it, potentially allowing the attacker to run commands on the user's computer outside the sandbox's protections.","solution":"This vulnerability is fixed in version 2.1.163.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55607","publishedAt":"2026-06-29T15:16:41.597Z","cveId":"CVE-2026-55607","cweIds":["CWE-22","CWE-59","CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-29T15:16:41.597Z","capecIds":["CAPEC-126","CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}