CVE-2026-39861 | Anthropic claude-code up to 2.1.63 Symlink path traversal (GHSA-vp62-r36r-9xqp)

A vulnerability described as critical has been identified in Anthropic claude-code up to 2.1.63. The impacted element is an unknown function of the component Symlink Handler. The manipulation results in path traversal.

This vulnerability was named CVE-2026-39861. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More