Platform
nodejs
Component
@anthropic-ai/claude-code
Fixed in
2.0.73
2.0.72
CVE-2026-24887 is a command injection vulnerability in the @anthropic-ai/claude-code Node.js package. It allows an attacker to bypass the confirmation prompt that normally gates shell execution and run arbitrary commands through the 'find' command, potentially leading to compromise of the host running the agent. Versions prior to 2.0.72 are affected; users on auto-update have already received the fix, while users who update manually should upgrade immediately.
Successful exploitation of CVE-2026-24887 gives the attacker command execution on the system running @anthropic-ai/claude-code. The attacker first has to get untrusted content into the agent's context window (for example, content the agent is asked to read or process); that content then steers the agent into a 'find' invocation that executes commands without the intended confirmation. Impact ranges from information disclosure (reading sensitive files) to full takeover of the account the agent runs as, so the privileges of that process bound the damage. The precondition of influencing the context window is a real dependency on the attacker's position, but once it is met the command execution itself is straightforward. The flaw belongs to the familiar class of command injection bugs where insufficient validation of command arguments lets an intended-safe operation turn into unintended execution.
CVE-2026-24887 was reported through HackerOne by Alex Bernier and publicly disclosed on 2026-02-03. There is currently no indication of active exploitation and no KEV listing. The need to place attacker-controlled content into the context window lowers the likelihood of mass exploitation, although coding agents routinely ingest untrusted input (repository contents, web pages, tool output), so the precondition is not exotic and the potential impact warrants prompt remediation. No public proof-of-concept code has been released as of this writing.
Any installation of the @anthropic-ai/claude-code Node.js package older than 2.0.72 is at risk, particularly where the agent processes content that a third party can influence. Developers embedding Claude Code in custom applications, and anyone who has pinned the package version or disabled auto-update, are the most likely to still be running a vulnerable release.
• nodejs / supply-chain:
npm list @anthropic-ai/claude-code
# For a global install use: npm list -g @anthropic-ai/claude-code
# The reported version must be >= 2.0.72. Installations made with a non-npm installer report their version via: claude --version
• generic web:
# Not applicable. Claude Code is a locally installed CLI agent, not an HTTP service, so probing a URL with curl -I and inspecting response headers reveals nothing about this flaw. If Claude Code is embedded in a service, check that service's package-lock.json (or run npm list in its build environment) for the package version instead.
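The version check above, as an added example that is not part of the advisory or the Claude Code project: a small POSIX shell script that parses `npm ls --json` output, compares the installed version against the fixed release numerically (a plain string comparison would rank 2.0.9 above 2.0.72), and reports fixed or vulnerable. The fixed version 2.0.72 comes from the advisory; the sample npm output embedded in the script is constructed so the check can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the advisory or the Claude Code project): decide whether
# an installed @anthropic-ai/claude-code release is at or above the fix for
# CVE-2026-24887. Only the fixed version 2.0.72 is taken from the advisory.
FIXED_VERSION="2.0.72"

# version_ge A B: succeed (exit 0) when dotted version A >= B.
# Pre-release suffixes (2.0.72-beta.1) are stripped, so a pre-release counts as
# its release. Components are compared numerically, field by field.
version_ge() {
    a="${1%%-*}"
    b="${2%%-*}"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# extract_version JSON: pull the package's "version" value out of `npm ls --json`
# output. Newlines are removed first so the sed expression sees one record.
extract_version() {
    printf '%s' "$1" \
      | tr -d '\n' \
      | sed -n 's/.*"@anthropic-ai\/claude-code": *{[^}]*"version": *"\([^"]*\)".*/\1/p'
}

# claude_code_status VERSION: print "fixed", "vulnerable" or "not installed".
claude_code_status() {
    if [ -z "$1" ]; then
        echo "not installed"
    elif version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# check_installed: query npm for the real global install, if npm is available.
# `|| true` keeps a missing package (npm ls exits non-zero) from aborting the script.
check_installed() {
    if ! command -v npm >/dev/null 2>&1; then
        echo "npm not found"
        return 0
    fi
    out=$(npm ls -g --depth=0 --json @anthropic-ai/claude-code 2>/dev/null || true)
    claude_code_status "$(extract_version "$out")"
}

# Constructed sample of `npm ls -g --depth=0 --json @anthropic-ai/claude-code`
# output describing a vulnerable install; used here only for demonstration.
SAMPLE_NPM_JSON='{
  "name": "lib",
  "dependencies": {
    "@anthropic-ai/claude-code": {
      "version": "2.0.71",
      "overridden": false
    }
  }
}'

# Demonstration on the constructed sample, then on the real machine.
claude_code_status "$(extract_version "$SAMPLE_NPM_JSON")"
check_installed
```

For a project-local install drop `-g` from the `npm ls` call, or point `extract_version` at the output of `npm ls --json` run in the project directory. The script checks only the npm package; installations made with a non-npm installer need `claude --version` instead.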
Exploit Status
EPSS
0.04% (14th percentile)
CISA SSVC
The fix for CVE-2026-24887 is to upgrade @anthropic-ai/claude-code to version 2.0.72 or later. Where an immediate upgrade is not feasible, reduce exposure along the injection path rather than trying to patch the package: limit the untrusted content (third-party repositories, web pages, tool output) that the agent is allowed to read, and run the agent as a low-privileged account or in a sandbox so that an unconfirmed command cannot reach anything sensitive. A WAF rule is not applicable, since the vulnerable component is a local CLI rather than a web service. There is no rollback path other than reverting to an earlier, vulnerable version, which is not recommended. After upgrading, confirm the fix in an isolated environment: expose the agent to context containing an instruction that would trigger a 'find' invocation and verify that the confirmation prompt is presented before anything executes.
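One concrete interim measure, as an added example that is not part of the advisory or the Claude Code project: Claude Code reads permission rules from `.claude/settings.json`, and a `"Bash(find:*)"` entry under `permissions.deny` refuses any Bash tool call whose command starts with `find`. The script below stages such a rule in a project directory. Treat it as defense in depth only; the advisory does not say whether deny rules were affected by the bypass, so upgrading to 2.0.72 remains the actual fix, and the rule will also block legitimate `find` usage until it is removed.

```shell
#!/bin/sh
# Added example (not from the advisory or the Claude Code project): stage an
# interim project-level deny rule for `find` while an upgrade is pending.
# Assumption: this is defense in depth; the advisory does not state that deny
# rules were unaffected by the bypass, so upgrade to 2.0.72 regardless.

DENY_RULE='Bash(find:*)'

# deny_rule_settings: print a minimal settings.json holding only the deny rule.
deny_rule_settings() {
    printf '{\n  "permissions": {\n    "deny": [\n      "%s"\n    ]\n  }\n}\n' "$DENY_RULE"
}

# has_deny_rule FILE: succeed if FILE already contains the rule.
has_deny_rule() {
    [ -f "$1" ] && grep -q 'Bash(find:\*)' "$1"
}

# install_deny_rule PROJECT_DIR: create PROJECT_DIR/.claude/settings.json with
# the deny rule when no settings file exists yet. An existing file is left
# untouched and reported, because merging JSON safely needs a JSON-aware tool
# (edit it by hand or with jq). Prints "created", "already present" or
# "manual merge required".
install_deny_rule() {
    dir="$1/.claude"
    file="$dir/settings.json"
    if has_deny_rule "$file"; then
        echo "already present"
    elif [ -f "$file" ]; then
        echo "manual merge required"
    else
        mkdir -p "$dir"
        deny_rule_settings > "$file"
        echo "created"
    fi
}

# Demonstration in a throwaway directory (constructed; no real project is touched).
demo_dir=$(mktemp -d)
install_deny_rule "$demo_dir"
install_deny_rule "$demo_dir"
rm -rf "$demo_dir"
```

Run `install_deny_rule /path/to/project` to stage the rule, and delete the `"Bash(find:*)"` entry once the upgrade to 2.0.72 or later is confirmed. The same entry can be placed in the user-level `~/.claude/settings.json` to cover every project.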
Update Claude Code to version 2.0.72 or later. This release fixes the command injection vulnerability and restores the confirmation step, so unconfirmed commands are no longer executed.
CVE-2026-24887 is a Command Injection vulnerability affecting versions of @anthropic-ai/claude-code before 2.0.72. It allows attackers to bypass confirmation prompts and execute commands by manipulating the context window.
You are affected if you are using @anthropic-ai/claude-code versions prior to 2.0.72. Check your project dependencies to determine if you are vulnerable.
Upgrade to version 2.0.72 or later of @anthropic-ai/claude-code. If an immediate upgrade is not possible, limit the untrusted content the agent reads and run it with least privilege as a temporary measure.
There is currently no evidence of active exploitation, but the potential impact warrants prompt remediation.
Refer to the HackerOne report and the @anthropic-ai/claude-code release notes for details on this vulnerability.