SB2026061829 - Multiple vulnerabilities in Claude Code

Published: June 18, 2026 Updated: June 30, 2026

Security Bulletin ID: SB2026061829
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Permissive List of Allowed Inputs (CVE-ID: CVE-2026-54316)

CWE-ID: CWE-183 - Permissive List of Allowed Inputs

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a permissive allowlist in the WebFetch tool: requests to pre-approved huggingface.co paths are accepted without being restricted to trusted repositories, so files in any repository on that host, including one the attacker created, satisfy the check. A remote attacker who can place untrusted content into a Claude Code context window (for example, through prompt injection in fetched or repository content) can cause WebFetch to request attacker-controlled repository files; the request itself, including which file and path is fetched, reaches the attacker's repository, disclosing sensitive information from the context.

Exploitation requires the ability to add untrusted content into a Claude Code context window. The issue creates a covert out-of-band exfiltration channel: the requests are ordinary server-side downloads from an allowlisted host and involve no user interaction (UI:N in the vector above).
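The following is an added illustration of the allowlist weakness described above; it is example code written for this bulletin, not Claude Code's WebFetch implementation. The shape of the permissive rule (any repository file under huggingface.co's resolve endpoint), the set of trusted repositories, and the exfiltration URL built by exfil_url() are assumptions constructed for the demonstration. It shows three checks side by side: the permissive host-plus-pattern rule, an owner-pinned prefix check on the raw path, and a strict check that normalizes the path and pins the repository.

```python
"""Host-level versus repository-level allowlisting for fetches to huggingface.co.
Added example for this bulletin; not Claude Code's code. Pattern, trusted
repositories and the exfiltration URL shape are assumptions."""
import base64
import posixpath
import re
from urllib.parse import urlsplit, unquote

HOST = "huggingface.co"

# Assumed shape of the flawed rule: any repo file served by the resolve
# endpoint is accepted, no matter who owns the repository.
PERMISSIVE_PATTERN = re.compile(r"^/[^/]+/[^/]+/resolve/[^/]+/.+$")

# Assumed pre-approved repositories for the strict check.
TRUSTED_REPOS = {("openai-community", "gpt2"), ("google-bert", "bert-base-uncased")}


def _normalize_path(raw_path: str) -> str:
    """Percent-decode and collapse '.'/'..' so prefix checks cannot be bypassed."""
    path = unquote(raw_path)
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)


def allowed_permissive(url: str) -> bool:
    """Host is right and the path looks like a repo file: attacker repos pass too."""
    u = urlsplit(url)
    return u.scheme == "https" and u.hostname == HOST and bool(PERMISSIVE_PATTERN.match(u.path))


def allowed_prefix_only(url: str) -> bool:
    """Owner-pinned, but matched on the raw path: '..' segments slip through."""
    u = urlsplit(url)
    return (u.scheme == "https" and u.hostname == HOST
            and u.path.startswith("/openai-community/gpt2/resolve/"))


def allowed_strict(url: str) -> bool:
    """Exact host, no userinfo/port, no query or fragment, normalized path,
    and the (owner, repo) pair must be in the trusted set."""
    u = urlsplit(url)
    if u.scheme != "https" or u.hostname != HOST or u.username or u.port:
        return False
    if u.query or u.fragment:
        return False  # a query string is a second channel for smuggling data out
    parts = _normalize_path(u.path).split("/")
    # expected layout: ['', owner, repo, 'resolve', revision, ...file]
    if len(parts) < 6 or parts[3] != "resolve":
        return False
    return (parts[1], parts[2]) in TRUSTED_REPOS


def exfil_url(secret: str, owner: str = "attacker", repo: str = "exfil") -> str:
    """Constructed example of what injected instructions would ask the tool to
    fetch: the secret is carried in the file name of the attacker's own repo,
    so the server-side download leaks it without any response being needed."""
    token = base64.urlsafe_b64encode(secret.encode()).decode().rstrip("=")
    return f"https://{HOST}/{owner}/{repo}/resolve/main/{token}"


if __name__ == "__main__":
    for url in (
        "https://huggingface.co/openai-community/gpt2/resolve/main/config.json",
        exfil_url("AKIA_EXAMPLE_KEY"),
        "https://huggingface.co/openai-community/gpt2/resolve/main/../../../attacker/exfil/resolve/main/x",
        "https://huggingface.co/openai-community/gpt2/resolve/main/config.json?d=secret",
    ):
        print(allowed_permissive(url), allowed_prefix_only(url), allowed_strict(url), url)
```

The point of the third case is that pinning the owner is not enough on its own: a prefix test on the raw path still accepts a URL whose later segments climb out of the pinned repository, so the allowlist decision is wrong regardless of how the server eventually interprets the dots. Normalize first, then compare against a closed set of repositories, and reject query strings and fragments, which are just as usable for encoding data as the path is.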


2) Path traversal (CVE-ID: CVE-2026-55607)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary code outside of the sandbox.

The vulnerability exists due to path traversal in git worktree handling when Claude Code processes a malicious repository during worktree operations. A remote user can supply a crafted repository that combines symlink manipulation (entries that resolve to locations outside the checkout) with prompt injection content, causing files to be overwritten in the user's home directory and arbitrary code to be executed outside of the sandbox.

Reliable exploitation requires the user to clone the malicious repository and run Claude Code against it (UI:A in the vector above).
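The following is an added example of the bug class described above, written for this bulletin; it is not Claude Code's worktree code and does not reproduce the actual vulnerable path. It models one checkout-to-home escape in a temporary directory: the repository contains a directory entry that is a symlink pointing outside the checkout, and a write to a path beneath it lands in the stand-in home directory. naive_write() shows the unsafe join-and-write pattern; safe_write() resolves the destination with symlinks followed and refuses anything that leaves the checkout root. Directory names and file contents are constructed for the demonstration.

```python
"""Containment check for files written into a checkout or worktree.
Added example for this bulletin; not Claude Code's code. The repository
layout built in demo() is constructed to reproduce the attack shape."""
import os
import tempfile
from pathlib import Path


def safe_write(root: Path, relative: str, data: bytes) -> Path:
    """Write data to root/relative, refusing to escape root via '..' or symlinks."""
    root_real = root.resolve(strict=True)
    # Resolve the full destination, following symlinks in every component:
    # a symlinked directory inside the repo is what turns 'dotfiles/x' into
    # a write under the user's home directory.
    target_real = (root_real / relative).resolve(strict=False)
    if target_real != root_real and root_real not in target_real.parents:
        raise PermissionError(f"refusing write outside checkout: {relative} -> {target_real}")
    target_real.parent.mkdir(parents=True, exist_ok=True)
    target_real.write_bytes(data)
    return target_real


def naive_write(root: Path, relative: str, data: bytes) -> Path:
    """The unsafe pattern: join and write, following whatever symlink is there."""
    target = root / relative
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Build a constructed malicious checkout and compare both write paths."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"   # stands in for the user's home directory
        repo = Path(tmp) / "repo"   # stands in for the cloned/worktree checkout
        (home / ".config").mkdir(parents=True)
        repo.mkdir()
        # Constructed malicious repository content: a tracked directory entry
        # that is really a symlink out of the tree.
        os.symlink(home / ".config", repo / "dotfiles")

        naive_write(repo, "dotfiles/hooks.json", b"payload")
        escaped = (home / ".config" / "hooks.json").exists()

        blocked = False
        try:
            safe_write(repo, "dotfiles/hooks.json", b"payload")
        except PermissionError:
            blocked = True

        blocked_dotdot = False
        try:
            safe_write(repo, "../home/.config/hooks2.json", b"payload")
        except PermissionError:
            blocked_dotdot = True

        written = safe_write(repo, "docs/README.md", b"ok")
        return {
            "naive_escaped": escaped,
            "safe_blocked_symlink": blocked,
            "safe_blocked_dotdot": blocked_dotdot,
            "safe_in_tree": repo.resolve() in written.parents,
        }


if __name__ == "__main__":
    print(demo())
```

The check compares fully resolved paths rather than strings, which is what defeats both '..' components and symlinked directories; a prefix comparison on the unresolved path would accept the symlink case. A tool that materialises repository content (worktree creation, checkout, generated settings or hook files) needs this decision at every write, not only when the path is user-supplied, because the repository itself is the untrusted input here.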


Remediation

Install the update from the vendor's website.