Claude Code 2.1.128 Local File Write/Read via /copy cmd
CVE-2026-46406 Published on June 29, 2026

Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.

NVD

Weakness Types

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2026-46406 has been classified to as an insecure temporary file vulnerability or weakness.

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2026-46406 has been classified to as an Information Disclosure vulnerability or weakness.

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.


Products Associated with CVE-2026-46406

Want to know whenever a new CVE is published for Anthropic Claude Code? stack.watch will email you.

 

Affected Versions

anthropics claude-code Version >= 2.1.59, < 2.1.128 is affected by CVE-2026-46406