Claude Code Directory Validation RCE Cve-2026-25722 Fixed 2.0.57
CVE-2026-25722 Published on February 6, 2026
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57.
Weakness Types
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2026-25722 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2026-25722
Want to know whenever a new CVE is published for Anthropic Claude Code? stack.watch will email you.
Affected Versions
anthropics claude-code Version < 2.0.57 is affected by CVE-2026-25722Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.