CVE Catalog

CVE-2026-46406

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

Claude Code versions 2.1.59 through 2.1.128 write responses from the /copy command to /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file is created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which may contain secrets or credentials.

Risk Assessment

A local unprivileged attacker can read Claude responses containing secrets or credentials, and by pre-creating a symlink at the predictable path, can cause overwriting of an arbitrary file on the system.

Recommendation

Upgrade Claude Code to version 2.1.128 or later, which fixes this vulnerability.

Original NVD description (English source)

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS