Claude Code Has Permission Deny Bypass Through Symbolic Links

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.

Basic Information

ID CVE-2026-25724

Source GitHub_M

Published Feb 6, 2026 at 17:53

Modified Feb 6, 2026 at 19:23

Affected Product

Vendor anthropics

Product claude-code

Version < 2.1.7

Affected Versions anthropics claude-code < 2.1.7

CWE Classification

CWE-61 CWE-285

References

github.com /anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx

{
    "lastseen": "",
    "description": "Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.",
    "published": "2026-02-06T17:53:16.004Z",
    "modified": "2026-02-06T19:23:48.894Z",
    "type": "cve",
    "title": "Claude Code Has Permission Deny Bypass Through Symbolic Links",
    "source": "GitHub_M",
    "references": "https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx",
    "id": "CVE-2026-25724",
    "bulletinFamily": "",
    "cwe": [
        "CWE-61",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "anthropics claude-code < 2.1.7",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "claude-code",
    "version": "< 2.1.7",
    "vendor": "anthropics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Claude Code Has Permission Deny Bypass Through Symbolic Links_CVE-2026-25724