Ctrl + K
/ news / CVE
CVEPublished 2026-04-21Modified 2026-04-231 article on news5 live referencesNVD data

CVE-2026-39861Anthropic · Claude_code

Vulnerability data via NVD (ingested)

CVSS v3.1
10.0
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS percentile
Weaknesses (CWE)
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-61UNIX Symbolic Link (Symlink) Following
Description

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination could write to arbitrary locations, potentially leading to code execution outside the sandbox. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window to trigger sandboxed code execution via prompt injection. Users on standard Claude Code auto-update have received this fix automatically. Users performing manual updates are advised to update to version 2.1.64 or later.

Timeline
Published 2026-04-21
Modified 2026-04-23

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-39861
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Anthropic Claude Code"
All exposed Anthropic Claude Code instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Claude Code"
HTTP body or banner mentions "Claude Code" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-39861
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-39861
Censys host search filtered to this CVE id.
grep.app
CVE-2026-39861
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-39861
GitHub code search for direct mentions.
Google dork
"CVE-2026-39861" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (3)

CVE-2026-398613 repos
holmanholdings/lionguardPython
Cathedral-Grade Security for AI Agents. Attack vectors updated daily. Local-first, zero API cost. MIT licensed.
★ 7·updated 4d ago
cfgaudit/cfgauditGo
AI agent configuration security auditor - find misconfigurations in Claude Code, Cursor, and other AI tools
★ 4·updated 1d ago
randomm/pi-ensembleTypeScript
★ 2·updated today
Articles on news mentioning CVE-2026-39861