Description
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.74.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r
Scores
CVSS v3
6.5
EPSS
0.0046
EPSS Percentile
36.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
CWE-79
Status
published
Products (2)
anthropic/claude_code
< 2.0.74
anthropic-ai/claude-code
0 - 2.0.74npm
Published
Feb 03, 2026
Tracked Since
Feb 18, 2026