CVE-2026-25722: Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory change
Summary
Claude Code, an agentic coding tool (AI software that can write and execute code), had a security flaw in versions before 2.0.57 where it failed to properly check directory changes. An attacker could use the cd command (change directory, which moves to a different folder) to navigate into protected folders like .claude and bypass write protections, allowing them to create or modify files without the user's approval, especially if they could inject malicious instructions into the tool's context window (the information the AI reads before responding).
Solution / Mitigation
This issue has been patched in version 2.0.57.
Vulnerability Details
9.1(critical)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25722
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%