GHSA-mhg7-666j-cqg4

Suggest an improvement
Source
https://github.com/advisories/GHSA-mhg7-666j-cqg4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-mhg7-666j-cqg4/GHSA-mhg7-666j-cqg4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mhg7-666j-cqg4
Aliases
  • CVE-2026-25723
Published
2026-02-06T19:04:51Z
Modified
2026-02-06T20:11:41.330395Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Details

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled.

Users on standard Claude Code auto-update received this fix automatically. Users performing manual updates are advised to update to the latest version.

Claude Code thanks hackerone.com/nil221 for reporting this issue!

Database specific 
{
    "nvd_published_at": "2026-02-06T18:15:59Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-78"
    ],
    "github_reviewed_at": "2026-02-06T19:04:51Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

npm / @anthropic-ai/claude-code

Package

Name
@anthropic-ai/claude-code
View open source insights on deps.dev
Purl
pkg:npm/%40anthropic-ai/claude-code

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.55

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-mhg7-666j-cqg4/GHSA-mhg7-666j-cqg4.json"