Vulnerabilidades en anthropics
30 resultadosCVE-2025-59536HIGHClaude Code's startup trust dialog could lead to Command Execution attackEPSS 29.3%CVE-2026-21852MEDIUMClaude Code Leaks Data via Malicious Environment Configuration Before Trust ConfirmationEPSS 23.0%CVE-2025-54795HIGHClaude Code echo command allowed bypass of user approval prompt for command executionEPSS 0.9%CVE-2025-54794HIGHClaude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file accessEPSS 0.9%CVE-2025-66032HIGHClaude Code Command Validation Bypass Allows Arbitrary Code ExecutionEPSS 0.6%CVE-2026-24887HIGHClaude Code has a Command Injection in find Command Bypasses User Approval PromptEPSS 0.6%CVE-2026-39861HIGHClaude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside WorkspaceEPSS 0.5%CVE-2025-58764HIGHClaude Code rg command had Command Injection that allowed bypass of user approval prompt for command executionEPSS 0.5%CVE-2025-59041HIGHClaude Code vulnerable to arbitrary code execution caused by maliciously configured git emailEPSS 0.5%CVE-2026-24053HIGHCluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File WritesEPSS 0.5%CVE-2025-65099HIGHClaude Code vulnerable to command execution prior to startup trust dialogEPSS 0.4%CVE-2025-55284HIGHClaude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude CodeEPSS 0.4%CVE-2026-25725HIGHClaude Code Has Sandbox Escape via Persistent Configuration Injection in settings.jsonEPSS 0.4%CVE-2025-64755HIGH@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File WritesEPSS 0.4%CVE-2025-59829LOWClaude Code: Permission deny bypass is possible through symlinkEPSS 0.4%CVE-2026-25724LOWClaude Code Has Permission Deny Bypass Through Symbolic LinksEPSS 0.4%CVE-2026-25722HIGHClaude Code Vulnerable to Command Injection via Directory Change Bypasses Write ProtectionEPSS 0.4%CVE-2025-59828HIGHClaude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn VersionsEPSS 0.3%CVE-2026-24052HIGHClaude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled DomainsEPSS 0.3%CVE-2026-33068HIGHClaude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings FileEPSS 0.3%