Anthropic Claude Code < 2.1.64 シンボリックリンクのフォローを介したサンドボックスエスケープ (CVE-2026-39861)

Language:

バージョン 1.2 Apr 27, 2026, 11:43 AM CVSS metrics ("Cvssv4 threat score" set to 7.7) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202604271143
バージョン 1.1 Apr 24, 2026, 4:28 PM New Plugin Feed: 202604241628

* Changelogs are generally available for changes made after Nov 1, 2022