Vulnerabilities in anthropics
31 resultsCVE-2026-33068HIGHClaude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings FileEPSS 0.3%CVE-2025-52882HIGHClaude Code IDE extensions allow websocket connections from arbitrary originsEPSS 0.3%CVE-2026-34451MEDIUMClaude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling DirectoriesEPSS 0.3%CVE-2026-40068HIGHClaude Code arbitrary code execution via git worktree commondir trust dialog bypassEPSS 0.3%CVE-2026-25723HIGHClaude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write RestrictionsEPSS 0.3%CVE-2026-44470HIGHClaude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMServiceEPSS 0.2%CVE-2026-34452MEDIUMClaude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox EscapeEPSS 0.1%CVE-2026-44467HIGHClaude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote SessionsEPSS 0.1%CVE-2026-34450MEDIUMClaude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory ToolEPSS 0.1%CVE-2026-41686MEDIUMClaude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory ToolEPSS 0.1%CVE-2026-35603MEDIUMClaude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on WindowsEPSS 0.1%