CVE-2026-24053
Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
In short
Claude Code had a flaw that allowed writing files outside allowed directories by using special ZSH syntax, bypassing safety checks. This could let attackers modify system files without the user knowing.
Technical detail
The vulnerability exists in Claude Code's Bash command validation logic, which fails to properly parse ZSH clobber operators, allowing path traversal (CWE-22) and potential stored XSS (CWE-79) through arbitrary file writes. Exploitation requires ZSH environment and malicious input injected into the Claude Code context; impact includes unauthorized file modification outside restricted directories without user prompts.
Summary generated and translated by AI from the official description.
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.74.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
anthropics · claude-codeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →