Headline
GHSA-ph6w-f82w-28w6: Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting “Yes, proceed” would allow Claude Code to execute files in the folder without additional confirmation. This may not have been clear to a user so we have updated the warning to clarify this functionality.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to https://hackerone.com/avivdon for reporting this issue!
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-ph6w-f82w-28w6
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
High severity GitHub Reviewed Published Sep 2, 2025 in anthropics/claude-code • Updated Sep 3, 2025
Package
npm @anthropic-ai/claude-code (npm)
Affected versions
< 1.0.87
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting “Yes, proceed” would allow Claude Code to execute files in the folder without additional confirmation. This may not have been clear to a user so we have updated the warning to clarify this functionality.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to https://hackerone.com/avivdon for reporting this issue!
References
- GHSA-ph6w-f82w-28w6
Published to the GitHub Advisory Database
Sep 3, 2025