AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-25724: Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configu

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseFebruary 6, 2026CVE-2026-25724

Summary

Claude Code (an AI tool that can write and modify software) before version 2.1.7 had a security flaw where it could bypass file access restrictions through symbolic links (shortcuts that point to other files). If a user blocked Claude Code from reading a sensitive file like /etc/passwd, the tool could still read it by accessing a symbolic link pointing to that file, bypassing the security controls.

Solution / Mitigation

Update Claude Code to version 2.1.7 or later. According to the source: 'This issue has been patched in version 2.1.7.'

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-61 CWE-285

Affected Vendors

Anthropic

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Same vendorTechCrunch

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 92%