CVE-2026-24887 · high
Claude Code confirmation-prompt bypass
Claude Code releases before 2.0.72.
Update to 2.0.72 or later and keep untrusted repository content outside command-authorizing context.
CapitalGuard Observatory · Tool record
Anthropic · coding agent
Claude Code is a local or cloud coding agent with file, command, network, MCP, and editing capabilities governed by permissions, sandboxing, trust, and account settings.
Public-Control Score
85
Extensive public control coverage
Measures publicly documented control coverage as of the review date. It is not a breach rate, penetration test, endorsement, or guarantee of safety.
Scored dimensions
This record is reviewed against the same five-dimension rubric used across every scored product.
Read MethodologyOfficial material provides extensive operational detail for access and scope transparency.
Official material names concrete controls and meaningful boundaries for data and retention controls.
Official material provides extensive operational detail for connector and permission controls.
Official material provides extensive operational detail for action, approval, and isolation controls.
Official material names concrete controls and meaningful boundaries for audit and administrative evidence.
Documented access points
repository and local file reads
edits and Bash commands
network access, MCP servers, hooks, and cloud environments
Settings to verify now
Permission mode and deny rules
Filesystem and network sandbox
Trusted directories, MCP servers, hooks, and unsandboxed escape paths
Linked security signals
CVE-2026-24887 · high
Claude Code releases before 2.0.72.
Update to 2.0.72 or later and keep untrusted repository content outside command-authorizing context.
CGO-CHANGE-2026-06-09 · informational
Supported GitHub agent workflows; coverage depends on repository and agent settings.
Keep the validation enabled, but retain branch protection, review, and least-privilege controls around agent-generated changes.
CGO-RESEARCH-2026-05 · informational
Agentic systems that combine untrusted content, private context, and action-capable tools.
Project trusted provenance, restrict capabilities before generation, and validate outputs before execution.
Linked evidence
Private file access
Claude Code Private File Access: What to Check
Credential exposure
Claude Code API Key Exposure: Check Before You Share
Client confidentiality
Claude Code Client Data Safety for Freelancers
Prompt injection
Claude Code Prompt Injection: A Practical Defense
Connector permissions
Claude Code Connector Permissions: Review the Real Scope
Command execution
Claude Code Command Execution: Keep Control
Unsafe generated code
Claude Code Generated Code Risks: Review Before You Run
History and sharing
Claude Code Chat History and Shared Links: Privacy Check
Accidental oversharing
Claude Code Sensitive Data: What Not to Paste
Autonomous actions
Claude Code Autonomous Actions: Approval Safety Guide