Claude Code Command Injection Vulnerability in find Command Prior to Version 2.0.72

Vulnerability

A command injection vulnerability has been identified in Claude Code, an agentic coding tool, in versions prior to 2.0.72. The issue arises from a flaw in command parsing that allows users to bypass the confirmation prompt and execute untrusted commands via the find command. Exploitation of this vulnerability requires the ability to introduce untrusted content into a Claude Code context window.

Impact

Exploitation of this vulnerability allows for command injection, enabling the execution of untrusted commands without user approval.

Remediation

Users on standard Claude Code auto-update have already received the patch. Those performing manual updates should update to the latest version.
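
For hosts that are updated manually, the following check compares an installed version against the fixed release, 2.0.72. It is an added example, not part of the advisory or of Claude Code itself; it assumes that `claude --version` prints a string containing an x.y.z version, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag Claude Code installs older than the fixed release.
FIXED="2.0.72"   # first unaffected version, per the advisory

# Print the first x.y.z triple found in a version string (empty if none).
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 when version $1 is strictly lower than version $2.
# Fields are compared numerically, so 2.0.9 < 2.0.72 < 2.0.100.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # $1 $2 $3 = first version, $4 $5 $6 = second
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Classify raw version output: 0 = not affected, 1 = affected, 2 = unknown.
check_claude_code() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN: no x.y.z version found in: $1"
        return 2
    fi
    if version_lt "$v" "$FIXED"; then
        echo "AFFECTED: $v is older than $FIXED, update required"
        return 1
    fi
    echo "OK: $v is not in the affected range (< $FIXED)"
}

# Check the local install only when the CLI is on PATH.
if command -v claude >/dev/null 2>&1; then
    check_claude_code "$(claude --version 2>/dev/null)" || true
fi
```
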

Added: Feb 3, 2026, 9:18 PM
Updated: Feb 3, 2026, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.