Claude Code File Read and Network Exfiltration Vulnerability

Vulnerability

A vulnerability in Claude Code prior to version 1.0.4 allows users to bypass confirmation prompts for file reading and network transmission of file contents. This issue arises from an overly broad allowlist of safe commands, enabling unauthorized file access and data exfiltration. Exploitation requires the ability to introduce untrusted content into a Claude Code context window.

Impact

This vulnerability could lead to unauthorized file access and data exfiltration over the network.

Remediation

Users on standard Claude Code auto-update have received the patch to version 1.0.4. Current users of Claude Code are unaffected, as versions prior to 1.0.24 are deprecated and have been forced to update.
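A fleet check against the version boundaries stated above, as an added example that is not part of the advisory or of Claude Code itself. The host names and version strings are constructed sample data and their format is an assumption; versions are compared as integer tuples because a plain string comparison ranks 1.0.24 below 1.0.4.

```python
import re

# Boundaries taken from the advisory text.
FIXED = (1, 0, 4)              # first patched release
DEPRECATED_BELOW = (1, 0, 24)  # releases prior to this are deprecated

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed inventory: host -> reported version string (assumed format).
SAMPLE_INVENTORY = {
    "build-01": "1.0.3 (Claude Code)",
    "dev-laptop-07": "1.0.10 (Claude Code)",
    "ci-runner-02": "1.0.24 (Claude Code)",
    "jump-host": "command not found",
}


def parse_version(text):
    """Return the first X.Y.Z triple in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported version string to a remediation status."""
    version = parse_version(text)
    if version is None:
        return "unknown"                 # treat as needing manual review
    if version < FIXED:
        return "vulnerable"              # predates the 1.0.4 patch
    if version < DEPRECATED_BELOW:
        return "patched-but-deprecated"  # fixed, but below 1.0.24
    return "current"


def audit(inventory):
    """Classify every host in a {host: version_string} mapping."""
    return {host: classify(reported) for host, reported in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {status}")
```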

Added: Aug 16, 2025, 2:17 AM
Updated: Aug 16, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.