www.sentinelone.com
Multiple Vulnerabilities in Claude Code Expose Users to Security Risks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Claude Code, an agentic coding tool by Anthropic, has been found to have multiple vulnerabilities affecting various versions. CVE-2026-33068 allows attackers to bypass the trust dialog, enabling arbitrary tool execution without user consent. CVE-2026-25723 permits file write restrictions to be bypassed through improper command validation, potentially leading to system compromise. CVE-2026-21852 enables data exfiltration of sensitive API keys before user trust is confirmed. CVE-2025-59536 allows code execution prior to user acceptance of the startup trust dialog. Users are advised to update to the latest versions to mitigate these risks. The vulnerabilities primarily affect users of Claude Code versions prior to the specified patches. The attack vectors involve network access and user interaction, highlighting the need for vigilance in repository management and command execution.
Key Points: • CVE-2026-33068 allows bypassing of trust dialogs in Claude Code. • CVE-2026-25723 enables unauthorized file writes to sensitive directories. • Users are urged to update to the latest versions to address these vulnerabilities.