Claude Code Code Injection Vulnerability

Vulnerability

A code injection vulnerability has been identified in Claude Code versions prior to 1.0.111. This issue arises from a flaw in the startup trust dialog implementation, allowing the application to execute code within a project before the user has accepted the trust dialog. Exploitation of this vulnerability requires the user to launch Claude Code in an untrusted directory.

Impact

Exploitation of this vulnerability allows for arbitrary code execution within the context of the user running Claude Code.

Remediation

Users on the standard Claude Code auto-update channel have received the fix automatically. Those performing manual updates should update to the latest version.
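
For anyone auditing hosts that update manually, the following is an added example (not code from the vendor or from this advisory): a POSIX shell check that classifies a version string against the fixed release 1.0.111 named above. The function names and the sample strings are constructed for illustration, and the script assumes the version text begins with a MAJOR.MINOR.PATCH token.

```shell
#!/bin/sh
# Added example, not vendor code. FIXED_VERSION comes from the advisory;
# the function names and sample strings are constructed for illustration.
FIXED_VERSION="1.0.111"

# Print the first MAJOR.MINOR.PATCH token in the text (assumed format), if any.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

# Return 0 when version $1 is strictly lower than version $2.
# Components are compared as numbers, so 1.0.9 sorts before 1.0.111.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into $1..$3 and $4..$6
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Print "vulnerable", "patched" or "unknown" for a version string.
# Exit status: 1 = vulnerable, 0 = patched, 2 = version could not be parsed.
classify_claude_code() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
        return 1
    fi
    echo patched
    return 0
}

# Constructed sample inputs, one per outcome.
for sample in "1.0.110 (Claude Code)" "1.0.111 (Claude Code)" "not installed"; do
    printf '%-24s -> ' "$sample"
    classify_claude_code "$sample" || true
done
```

On a real host, pass the output of `claude --version` as the argument. Treat an `unknown` result as needing manual review rather than as patched.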

Added: Oct 3, 2025, 7:19 AM
Updated: Oct 3, 2025, 7:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.