CVE-2026-25723: Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p
mediumvulnerabilityLLM-Specific
security
Summary
Claude Code (an AI tool that can write and run code automatically) had a security flaw before version 2.0.55 where it didn't properly check certain commands, allowing attackers to write files to protected folders they shouldn't be able to access, as long as they could get Claude Code to run commands with the "accept edits" feature turned on.
Solution / Mitigation
This issue has been patched in version 2.0.55.
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
AI Component TargetedAgent
Affected Vendors
Anthropic
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25723
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%