Bug 2494423 (CVE-2026-46406) - CVE-2026-46406 @anthropic-ai/claude-code: Claude Code: Information disclosure and file overwrite via insecure temporary file in /copy command
Summary: CVE-2026-46406 @anthropic-ai/claude-code: Claude Code: Information disclosure...
Keywords:
Status: NEW
Alias: CVE-2026-46406
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-06-29 15:01 UTC by OSIDB Bzimport
Modified: 2026-06-30 13:09 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-29 15:01:43 UTC
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.

