Claude Code 2.1.7 Deny Rule Bypass via Symlink
CVE-2026-25724 Published on February 6, 2026

Claude Code Has Permission Deny Bypass Through Symbolic Links
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.

NVD

Weakness Types

What is a Symlink following Vulnerability?

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files. A software system that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.

CVE-2026-25724 has been classified to as a Symlink following vulnerability or weakness.

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-25724 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2026-25724

Want to know whenever a new CVE is published for Anthropic Claude Code? stack.watch will email you.

Anthropic Claude Code
 

Affected Versions

anthropics claude-code Version < 2.1.7 is affected by CVE-2026-25724

Exploit Probability

EPSS
0.06%
Percentile
18.09%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.