CVE-2026-25724

HIGH

Claude Code <2.1.7 - Info Disclosure

Description

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.

Scores

CVSS v3 7.5
EPSS 0.0007
EPSS Percentile 20.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-285 CWE-61
Status published
Products (3)
anthropic/claude_code < 2.1.7
anthropic-ai/claude-code 0 - 2.1.7 (npm)
anthropics/claude-code < 2.1.7
Published Feb 06, 2026
Tracked Since Feb 18, 2026