Anthropic Claude Code < 2.1.2 settings.json インジェクションによるサンドボックスエスケープCVE-2026-25725]

Language:

バージョン 1.2 Apr 13, 2026, 9:49 AM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 10.0) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 7.7) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202604130949
バージョン 1.1 Apr 11, 2026, 7:53 AM New Plugin Feed: 202604110753

* Changelogs are generally available for changes made after Nov 1, 2022