A critical sandbox escape vulnerability, CVE-2026-39861, has been identified in Claude Code, affecting versions prior to 2.1.64. The flaw allows malicious actors to write files outside the designated workspace by exploiting symbolic link following between processes. Security researchers reported the issue, and users are urged to update to the latest version to mitigate the risk. AI
Summary written by gemini-2.5-flash-lite from 1 source. How we write summaries →
IMPACT Highlights the ongoing security challenges and attack vectors present in agentic execution models that combine filesystem access with autonomous operation.
RANK_REASON Security advisory for a specific software product, not a core AI model release or research.
