CVE-2026-46406

Source
https://cve.org/CVERecord?id=CVE-2026-46406
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46406.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46406
Aliases
Downstream
Published
2026-06-29T14:03:14.683Z
Modified
2026-07-15T01:49:08.399438002Z
Severity
  • 4.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write
Details

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200",
        "CWE-377",
        "CWE-59"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46406.json"
}
References

Affected packages

Git / github.com/anthropics/claude-code

Affected ranges

Type
GIT
Repo
https://github.com/anthropics/claude-code
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*",
    "extracted_events": [
        {
            "introduced": "2.1.59"
        },
        {
            "fixed": "2.1.128"
        },
        {
            "introduced": "2.1.58"
        }
    ]
}

Affected versions

v2.*
v2.1.100
v2.1.101
v2.1.104
v2.1.105
v2.1.107
v2.1.108
v2.1.109
v2.1.110
v2.1.111
v2.1.112
v2.1.113
v2.1.114
v2.1.116
v2.1.117
v2.1.118
v2.1.119
v2.1.120
v2.1.121
v2.1.122
v2.1.123
v2.1.126
v2.1.59
v2.1.61
v2.1.62
v2.1.63
v2.1.66
v2.1.68
v2.1.69
v2.1.70
v2.1.71
v2.1.72
v2.1.73
v2.1.74
v2.1.75
v2.1.76
v2.1.77
v2.1.78
v2.1.79
v2.1.80
v2.1.81
v2.1.83
v2.1.84
v2.1.85
v2.1.86
v2.1.87
v2.1.88
v2.1.89
v2.1.90
v2.1.91
v2.1.92
v2.1.94
v2.1.96
v2.1.97
v2.1.98

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46406.json"