
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN116
_____________________________________________________________________

DATE                : 04/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Claude Code versions prior to
                     2.0.74.

=====================================================================
https://github.com/anthropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w
https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r
https://github.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf
_____________________________________________________________________


Command Injection in find Command Bypasses User Approval Prompt
High
ddworken published GHSA-qgqw-h4xq-7w8w Feb 3, 2026
Package
@anthropic-ai/claude-code (npm)

Affected versions
< v2.0.72

Patched versions
v2.0.72


Description

Due to an error in command parsing, it was possible to bypass the 
Claude Code confirmation prompt to trigger execution of untrusted 
commands through the find command. Reliably exploiting this required 
the ability to add untrusted content into a Claude Code context window.

Users on standard Claude Code auto-update have received this fix 
already. Users performing manual updates are advised to update to the 
latest version.

Thank you to https://hackerone.com/alexbernier for reporting this 
issue!


Severity
High
7.7 / 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required None
User interaction Passive
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability High
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID
CVE-2026-24887

Weaknesses
Weakness CWE-78
Weakness CWE-94 

_____________________________________________________________________


Path Restriction Bypass via ZSH Clobber Allows Arbitrary File Writes
High
ddworken published GHSA-q728-gf8j-w49r Feb 3, 2026

Package
@anthropic-ai/claude-code (npm)

Affected versions
< v2.0.74

Patched versions
v2.0.74


Description

Due to a Bash command validation flaw in parsing ZSH clobber syntax, 
it was possible to bypass directory restrictions and write files 
outside the current working directory without user permission prompts. 
Exploiting this required the user to use ZSH and the ability to add 
untrusted content into a Claude Code context window.

Users on standard Claude Code auto-update have received this fix 
already. Users performing manual updates are advised to update to the 
latest version.

Thank you to https://hackerone.com/alexbernier for reporting this 
issue!


Severity
High
7.7 / 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required None
User interaction Passive
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability High
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID
CVE-2026-24053

Weaknesses
Weakness CWE-20
Weakness CWE-22
Weakness CWE-78 
_____________________________________________________________________


Domain Validation Bypass Allows Automatic Requests to 
Attacker-Controlled Domains

High
ddworken published GHSA-vhw5-3g5m-8ggf Feb 3, 2026

Software
@anthropic-ai/claude-code

Affected versions
< v1.0.111

Patched versions
v1.0.111


Description

Claude Code contained insufficient URL validation in its trusted 
domain verification mechanism for WebFetch requests. The application 
used a startsWith() function to validate trusted domains (e.g., 
docs.python.org, modelcontextprotocol.io), which could have enabled 
attackers to register domains like modelcontextprotocol.io.example.com 
that would pass validation. This could enable automatic requests to 
attacker-controlled domains without user consent, potentially leading 
to data exfiltration.
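
As an added illustration (not Claude Code's own code), the prefix test described above beside a host-based check. It assumes the prefix test was applied to the URL's hostname; accepting subdomains of a trusted domain on a dot boundary in the hardened form is a policy assumption, not something the advisory states.

```javascript
// Trusted-domain list taken from the advisory's examples.
const TRUSTED_DOMAINS = ["docs.python.org", "modelcontextprotocol.io"];

// Weak form: a string prefix test on the hostname. Any registrable name
// that merely begins with a trusted domain, such as
// modelcontextprotocol.io.example.com, passes.
function isTrustedWeak(urlString) {
  const host = new URL(urlString).hostname;
  return TRUSTED_DOMAINS.some((d) => host.startsWith(d));
}

// Hardened form: parse the URL, restrict the scheme, normalise the hostname,
// then require an exact match or a subdomain match on a dot boundary.
function isTrustedStrict(urlString, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparsable input is never trusted
  }
  if (url.protocol !== "https:") return false;
  // Lower-case and drop a trailing dot (absolute DNS form) before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return trusted.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample URLs: the attacker-controlled lookalike from the
// advisory, a legitimate page, a userinfo trick and a plain-http variant.
const SAMPLE_URLS = [
  "https://modelcontextprotocol.io.example.com/",
  "https://docs.python.org/3/library/",
  "https://docs.python.org@evil.example/",
  "http://docs.python.org/",
];

for (const u of SAMPLE_URLS) {
  console.log(u, "weak:", isTrustedWeak(u), "strict:", isTrustedStrict(u));
}
```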

Users on standard Claude Code auto-update have received this fix 
already. Users performing manual updates are advised to update to the 
latest version.

Thank you to hackerone.com/47sid-praetorian for reporting this issue!


Severity
High
7.1 / 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required None
User interaction Passive
Vulnerable System Impact Metrics
Confidentiality High
Integrity None
Availability None
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVE ID
CVE-2026-24052

Weaknesses
Weakness CWE-20
Weakness CWE-601 

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================