Anthropic Claude コード< 2.1.75 安全でない構成のロードによるローカルの権限昇格(CVE-2026-35603)

Language:

バージョン 1.2 May 25, 2026, 4:06 PM CVSS metrics ("CVSSv2 score" set to 6.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 7.3) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202605251606

* Changelogs are generally available for changes made after Nov 1, 2022