Primary

Context

Claude Code Directory Change Vulnerability Bypasses Write Protection

Vulnerability

A vulnerability in Claude Code prior to version 2.0.57 allows users to bypass write protection in sensitive directories, such as .claude. This issue arises because the tool fails to properly validate directory changes when write operations are involved. Exploitation requires the ability to introduce untrusted content into a Claude Code context window.

Impact

Exploitation of this vulnerability could lead to unauthorized creation or modification of files in protected directories, without user confirmation.

Remediation

Users on standard Claude Code auto-update received this fix automatically. Users performing manual updates are advised to update to the latest version.

Added: Feb 6, 2026, 6:27 PM

Updated: Feb 6, 2026, 10:49 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.7

exploitability

5.0

remediation

0.0

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.7

exploitability

5.0

remediation

0.0

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Claude Code Directory Change Vulnerability Bypasses Write Protection

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating