Command Injection in Claude Code <2.0.74 via ZSH Clobber Syntax
CVE-2026-24053 Published on February 3, 2026
Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.74.
Weakness Types
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2026-24053 has been classified to as a Directory traversal vulnerability or weakness.
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2026-24053 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2026-24053
Want to know whenever a new CVE is published for Anthropic Claude Code? stack.watch will email you.
Affected Versions
anthropics claude-code Version < 2.0.74 is affected by CVE-2026-24053Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.