{"id":9704,"date":"2025-08-04T20:52:08","date_gmt":"2025-08-04T20:52:08","guid":{"rendered":"http:\/\/localhost\/?p=9704"},"modified":"2025-08-04T20:52:08","modified_gmt":"2025-08-04T20:52:08","slug":"claude-code-research-preview-has-a-path-restriction-bypass-which-could-allow-unauthorized-file-acces","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9704","title":{"rendered":"Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nClaude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-05T00:08:13.864Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-05T00:08:13.864Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nanthropics<\/td>\n<\/tr>\n
Product<\/th>\nclaude-code<\/td>\n<\/tr>\n
Version<\/th>\n< 0.2.111<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n7.7 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:P\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA path validation flaw in Claude Code allows attackers to bypass directory restrictions and access files outside the current working directory by exploiting a prefix matching vulnerability.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nAnthropics<\/td>\n<\/tr>\n
AI Product<\/th>\nClaude Code<\/td>\n<\/tr>\n
AI Version<\/th>\nVersions below 0.2.111<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n