Code Execution Vulnerability in Claude Code by Anthropics

CVE-2026-55607

What is CVE-2026-55607?

CVE-2026-55607 is a significant vulnerability affecting Claude Code, an agentic coding tool developed by Anthropics. This vulnerability primarily concerns the handling of worktrees from versions 2.1.38 through 2.1.163, which allows an attacker to exploit the software's functionalities. Specifically, the problem arises from the capability to create worktrees with names like ".git" and navigate outside the intended sandbox environment. By harnessing symlink manipulation and executing git fsmonitor commands, an attacker could potentially overwrite sensitive files located in the user's home directory. This could lead to code execution that escapes the restrictions imposed by the software's sandboxing mechanisms. For successful exploitation, the user must clone a malicious repository containing prompt injection content and initiate Claude Code with it. A patch addressing this vulnerability has been included in version 2.1.163.

Potential impact of CVE-2026-55607

1. Unauthorized Code Execution: The vulnerability allows attackers to execute arbitrary code within the user's environment, potentially compromising system integrity and confidentiality.

2. Data Compromise: Exploitation could result in overwriting crucial configuration files or other sensitive data, leading to unauthorized access to information and potential data loss.

3. Escalation of Privileges: Given that the exploit allows code execution outside of the sandbox context, it can enable attackers to escalate privileges within the system, facilitating further attacks or persistence within the network.

References