Claude Code Path Validation Flaw Allows Directory Restriction Bypass and Unauthorized File Access
Vulnerability
A path validation vulnerability has been identified in Claude Code versions prior to 0.2.111. The issue arises from the use of prefix matching for path validation, which can be exploited to bypass directory restrictions and access files outside the current working directory (CWD). Successful exploitation requires a directory with a prefix matching the CWD and the ability to introduce untrusted content into a Claude Code context window.
Impact
Exploitation of this vulnerability could lead to unauthorized access to files outside the designated directory, potentially allowing sensitive information to be accessed or manipulated.
Remediation
Users of Claude Code on standard auto-update received the patch to version 0.2.111 automatically. Current users are unaffected, as versions prior to 1.0.24 are deprecated and have been forced to update.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.