SB2026043044 - Improper access control in Claude Code




Published: April 30, 2026

Security Bulletin ID: SB2026043044
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2025-52882)

The vulnerability allows a remote attacker to disclose sensitive information and, in limited situations, execute code.

The vulnerability exists due to improper access control in the WebSocket connection handling of Claude Code IDE extensions. When a user visits an attacker-controlled webpage, a remote attacker can establish an unauthorized WebSocket connection to disclose sensitive information and, in limited situations, execute code.

Exploitation requires user interaction: the user must visit an attacker-controlled webpage. Code execution is limited to situations where a Jupyter Notebook is open and a malicious prompt is accepted.
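The access control that this class of bug lacks can be shown as a handshake gate for a localhost WebSocket server. This is an added example, not code from the bulletin or from the vendor's fix; the `x-session-token` header, the origin allowlist parameter, the port and all sample values are assumptions, and the Host check goes slightly beyond what the bulletin describes.

```javascript
// Added example. The header name "x-session-token", the allowlist parameter
// and all sample values below are assumptions, not the vendor's code.

// Compare two strings without returning early at the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Decide whether an HTTP upgrade request may become a WebSocket session.
function authorizeUpgrade(headers, expectedToken, allowedOrigins = []) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // Browsers attach Origin to every WebSocket handshake and page script
  // cannot change it, so an unlisted Origin means a webpage is connecting.
  if (h.origin !== undefined && !allowedOrigins.includes(h.origin)) {
    return { ok: false, reason: "origin not allowed" };
  }
  // Require a loopback Host so a rebound DNS name is refused.
  const host = String(h.host || "").replace(/:\d+$/, "");
  if (!["127.0.0.1", "localhost", "[::1]"].includes(host)) {
    return { ok: false, reason: "unexpected host" };
  }
  // Require a per-session secret that only the local client was given.
  if (!expectedToken || !constantTimeEqual(h["x-session-token"], expectedToken)) {
    return { ok: false, reason: "missing or wrong token" };
  }
  return { ok: true, reason: "authorized" };
}

// Constructed handshakes: a webpage, the local client, and a rebound hostname.
const TOKEN = "constructed-sample-token-0001";
const samples = {
  webpage: { Host: "127.0.0.1:8123", Origin: "https://attacker.example" },
  client: { Host: "127.0.0.1:8123", "X-Session-Token": TOKEN },
  rebound: { Host: "rebind.example:8123", "X-Session-Token": TOKEN },
  noToken: { Host: "localhost:8123" },
};

function demo() {
  return Object.fromEntries(Object.entries(samples)
    .map(([name, hdrs]) => [name, authorizeUpgrade(hdrs, TOKEN).reason]));
}
console.log(demo());
```

In a real server the token would come from a CSPRNG at startup and be handed to the local client over a channel a webpage cannot read; Node's `crypto.timingSafeEqual` is the usual replacement for the hand-written comparison.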


Remediation

Install the update from the vendor's website.