Symlink Attack Affecting @anthropic-ai/claude-code package, versions >=2.1.38 <2.1.163


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.71% (49th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JS-ANTHROPICAICLAUDECODE-17817924
  • published5 Jul 2026
  • disclosed29 Jun 2026
  • creditUnknown

Introduced: 29 Jun 2026

NewCVE-2026-55607  (opens in a new tab)
CWE-59  (opens in a new tab)

How to fix?

Upgrade @anthropic-ai/claude-code to version 2.1.163 or higher.

Overview

@anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you.

Affected versions of this package are vulnerable to Symlink Attack in the handling of worktrees when interacting with repositories containing specially crafted symbolic links and directory names. An attacker can execute arbitrary code outside of sandbox restrictions by convincing a user to clone a malicious repository and run the application against its contents. This can result in the overwriting of configuration files in the user's home directory, such as .zshenv, leading to unauthorized code execution.

CVSS Base Scores

version 4.0
version 3.1