CVE-2026-24887
Claude Code: command injection through the find command bypasses the user approval prompt
In short
In versions of Claude Code before 2.0.72, a command-parsing error let an attacker smuggle commands into a find invocation so that they ran without the safety confirmation prompt, meaning untrusted commands could execute without user approval. This matters because that prompt is the control meant to keep the agent from running harmful operations; anyone able to get untrusted content into the agent's context window could defeat it.
Technical detail
A command-parsing flaw in Claude Code before version 2.0.72 allowed command injection through the find command, bypassing the confirmation prompt (CWE-78: OS command injection; CWE-94: code injection). Reliable exploitation required getting untrusted content into the Claude Code context window, that is, a prompt-injection foothold rather than direct access to the machine; successful exploitation resulted in arbitrary command execution without user consent. The CVSS 4.0 vector below encodes this: network attack vector, low complexity, attack requirements present (AT:P) for the context-window precondition, no privileges, passive user interaction (UI:P), and high confidentiality, integrity and availability impact on the vulnerable system with no impact on subsequent systems.
Summary generated and translated by AI from the official description.
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.72.
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
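The advisory does not disclose the exact parsing error, so the following is an added illustration of the general failure class and not Claude Code's own code: an approval check that decides "find is read-only" from the first word plus a substring match, beside a check that tokenizes the command the way the shell would before inspecting find's action predicates. The read-only command allowlist, the predicate list and the sample commands are assumptions constructed for this example.

```python
import re
import shlex

# Example policy for a hypothetical agent: commands treated as read-only and
# therefore allowed without an approval prompt. Not Claude Code's list.
READ_ONLY_COMMANDS = {"find", "ls", "cat", "grep", "wc"}

# find(1) predicates that run a program or write to the filesystem. Assembled
# for this example from GNU/BSD find; verify against the find you ship.
FIND_ACTION_PREDICATES = {
    "-exec", "-execdir", "-ok", "-okdir", "-delete",
    "-fprint", "-fprint0", "-fprintf", "-fls",
}

# Characters that let the shell chain, substitute or redirect commands.
SHELL_META = re.compile(r"[;&|<>`$()\n]")


def naive_is_safe(cmd: str) -> bool:
    """Flawed approval check: allowlist the first word and look for the
    literal substring '-exec'. Shell quoting and escaping defeat the
    substring test, and nothing stops a ';' from starting a second command."""
    words = cmd.split()
    return bool(words) and words[0] in READ_ONLY_COMMANDS and "-exec" not in cmd


def hardened_is_safe(cmd: str) -> bool:
    """Approval check that tokenizes the command the way /bin/sh would,
    refuses anything the shell could turn into a second command, and then
    inspects find's predicates token by token rather than by substring."""
    if SHELL_META.search(cmd):
        return False
    try:
        argv = shlex.split(cmd)  # honours quotes and backslash escapes
    except ValueError:           # unbalanced quote: refuse rather than guess
        return False
    if not argv or argv[0] not in READ_ONLY_COMMANDS:
        return False
    if argv[0] == "find":
        return not any(tok in FIND_ACTION_PREDICATES for tok in argv[1:])
    return True


# Constructed sample commands: the bypasses are the kind of thing untrusted
# context (for example a file the agent reads) could steer the agent into running.
SAMPLES = [
    "find . -name '*.py'",                    # genuinely read-only
    "find . -name '*.py' -delete",            # destructive predicate, no '-exec' substring
    "find . -type f -e'x'ec rm {} +",         # quoting hides -exec from a substring check
    r"find . -type f -e\xec rm {} +",         # backslash escape does the same
    "find . -name x; rm -rf /tmp/x",          # second command after ';'
    "rm -rf /",                               # not on the allowlist at all
]


def compare(cmd: str) -> tuple:
    """Return (naive verdict, hardened verdict) for one command."""
    return naive_is_safe(cmd), hardened_is_safe(cmd)


if __name__ == "__main__":
    for cmd in SAMPLES:
        naive, hardened = compare(cmd)
        print(f"{cmd!r:45} naive={naive!s:5} hardened={hardened}")
```

The hardened check is deliberately conservative: a `$` inside a quoted `-name` pattern is refused even though it would be harmless, because the cost of a false refusal is one extra approval prompt, while the cost of a false allow is exactly the unapproved execution this advisory describes. Any real implementation should also decide what to do with the approval prompt when the tokenizer and the target shell disagree on syntax; refusing is the safe default.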
Affected products
anthropics · claude-code (all versions before 2.0.72; fixed in 2.0.72)