SB2026061829 - Multiple vulnerabilities in Claude Code
Published: June 18, 2026
Updated: June 30, 2026
Breakdown by Severity (chart of vulnerability counts by Low, Medium, High and Critical rating; the counts are not captured in the text)
Description
This security bulletin contains information about 2 vulnerabilities.
1) Permissive List of Allowed Inputs (CVE-ID: CVE-2026-54316)
CWE-ID: CWE-183 - Permissive List of Allowed Inputs
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to a permissive allowlist in the WebFetch tool when processing requests to pre-approved huggingface.co paths. A remote attacker can inject untrusted content into a Claude Code context to trigger WebFetch requests to attacker-controlled repository files and disclose sensitive information.
Exploitation requires the ability to add untrusted content into a Claude Code context window, and the issue creates a covert out-of-band exfiltration channel through server-side download requests.
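The weakness described above is a host-level allowlist that lets any path on the approved host through. The following added example (not Claude Code's own code) contrasts that permissive check with one that pins the allowed paths to specific repositories and normalizes the URL before comparing it. The allowed host is the one named in the bulletin; the pinned repository prefix and every sample URL are constructed for illustration.

```python
"""Allowlist check for an outbound-fetch tool: host-only match vs. pinned paths.

Added example, not Claude Code's own code. PINNED_PREFIXES and the URLs used
with it are constructed for illustration.
"""
from urllib.parse import urlsplit, unquote
import posixpath

ALLOWED_HOST = "huggingface.co"

# Constructed: the only repository this deployment intends to let the tool fetch.
PINNED_PREFIXES = ("/trusted-org/trusted-model",)


def _normalize_path(path: str):
    """Decode one layer of percent-encoding and collapse dot segments.

    Returns None for inputs that should never reach an allowlist comparison:
    double-encoded sequences, NUL bytes, or backslashes.
    """
    decoded = unquote(path)
    if "%" in decoded or "\x00" in decoded or "\\" in decoded:
        return None
    # normpath collapses "a/../b" and "./" segments and keeps the leading "/".
    return posixpath.normpath("/" + decoded.lstrip("/"))


def permissive_allows(url: str) -> bool:
    """Weak policy: anything served over https from the allowed host passes.

    Every path on the host is accepted, including repositories that belong to
    whoever wrote the content that steered the tool, so the fetch itself can
    carry data to a path the tool's operator never approved.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme == "https" and parts.hostname == ALLOWED_HOST


def strict_allows(url: str, pinned_prefixes=PINNED_PREFIXES) -> bool:
    """Hardened policy: host AND normalized path must sit under a pinned prefix.

    Also rejects userinfo, non-default ports, query strings and fragments,
    which are the usual places extra data rides along in a fetched URL.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    if parts.query or parts.fragment:
        return False
    norm = _normalize_path(parts.path)
    if norm is None:
        return False
    return any(norm == p or norm.startswith(p + "/") for p in pinned_prefixes)
```

The comparison runs on the normalized path, so `..` segments and single-layer percent-encoding cannot turn a pinned prefix into a different repository, and double-encoded input is refused outright rather than decoded again. A deployment that needs several repositories adds them to the tuple; a deployment that needs none should keep the tool off the allowlist entirely, since the exposure in the bulletin comes from the breadth of what is pre-approved, not from the host itself.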
2) Path traversal (CVE-ID: CVE-2026-55607)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code outside of the sandbox.
The vulnerability exists due to path traversal in git worktree handling when processing a malicious repository during worktree operations. A remote user can supply a crafted repository with symlink manipulation and prompt injection content to overwrite files in the user's home directory and execute arbitrary code outside of the sandbox.
Reliable exploitation requires the user to clone a malicious repository and run Claude Code against it.
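The defensive property missing in the second issue is containment: a path taken from a checked-out repository must resolve, after following every symlink, to a location inside the worktree before anything is written there. The following added example (not Claude Code's own code) shows such a check and exercises it against a constructed layout in a temporary directory, where a `home` directory stands in for the user's home and an `escape` symlink is the test fixture for a repository entry that points outside the worktree.

```python
"""Containment check for paths derived from a checked-out repository.

Added example, not Claude Code's own code. demo() builds a constructed layout
(a worktree root, a stand-in home directory, and a symlink fixture) under a
temporary directory and reports how the check behaves on it.
"""
import os
import tempfile


def resolve_inside(root: str, relpath: str):
    """Return the real path of root/relpath if it stays under root, else None.

    os.path.realpath follows every symlink in the chain, including one that
    came with the repository, so a link pointing outside the worktree resolves
    to an outside path and is rejected. Trailing components that do not exist
    yet are kept as-is, so a file about to be created is checked the same way.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relpath))
    if candidate == root_real or candidate.startswith(root_real + os.sep):
        return candidate
    return None


def safe_write(root: str, relpath: str, data: bytes) -> str:
    """Write data to root/relpath only if the resolved target is inside root."""
    target = resolve_inside(root, relpath)
    if target is None:
        raise PermissionError(f"refusing to write outside worktree: {relpath!r}")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_NOFOLLOW (POSIX; absent on Windows) refuses a symlink at the final
    # component even if one appeared after the realpath check above.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def demo() -> dict:
    """Exercise the check on a constructed layout and return what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")          # stand-in for the user's home directory
        worktree = os.path.join(tmp, "worktree")  # stand-in for the git worktree root
        os.makedirs(home)
        os.makedirs(worktree)
        # Fixture: a repository entry that is a symlink pointing outside the worktree.
        os.symlink(home, os.path.join(worktree, "escape"))

        results = {}
        written = safe_write(worktree, "src/main.py", b"print('ok')\n")
        results["plain_file_allowed"] = written.startswith(os.path.realpath(worktree))
        for label, rel in (("dotdot", "../home/.profile"), ("symlink", "escape/.profile")):
            try:
                safe_write(worktree, rel, b"# should never land here\n")
                results[label + "_blocked"] = False
            except PermissionError:
                results[label + "_blocked"] = True
        # The stand-in home directory must be untouched after both refusals.
        results["home_untouched"] = os.listdir(home) == []
        return results
```

The check is deliberately done on the resolved path rather than on the string from the repository, because a symlink committed at any depth changes where a clean-looking relative path ends up. Two caveats apply in production: the realpath-then-open sequence is a race, and `O_NOFOLLOW` closes it only for the final component, so a tool that writes many files should open the worktree root once and use `dir_fd`-relative operations (or `openat2` with `RESOLVE_BENEATH` on Linux) to make the containment hold for every intermediate directory as well.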
Remediation
Install the update from the vendor's website.