Vulnerability Details CVE-2026-46406
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.
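The safeguards the description lists as missing (UID isolation, randomness, symlink protection, restrictive modes) can be sketched as follows. This is an added Python example, not Claude Code's code or its actual fix; the names `write_private` and `demo`, the `copy-` prefix and the sample files are assumptions constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def write_private(directory: str, name: str, text: str) -> str:
    """Create directory/name as 0600, refusing symlinks and pre-existing files."""
    # Pin the directory by descriptor so it cannot be swapped after the checks.
    dfd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dfd)
        if st.st_uid != os.getuid() or stat.S_IMODE(st.st_mode) & 0o077:
            raise PermissionError(f"{directory}: not private to this user")
        # O_EXCL fails if anything exists at the name, a symlink included;
        # O_NOFOLLOW refuses a symlink in the final component as a second guard.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dfd)
    finally:
        os.close(dfd)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), 0o600)  # exact mode, independent of umask
        fh.write(text)
    return os.path.join(directory, name)


def demo() -> dict:
    """Constructed scenario: a normal write, then a write onto a planted symlink."""
    d = tempfile.mkdtemp(prefix=f"copy-{os.getuid()}-")  # random name, mode 0700
    try:
        out = write_private(d, "response.md", "constructed sample response\n")
        victim = os.path.join(d, "victim.txt")
        with open(victim, "w", encoding="utf-8") as fh:
            fh.write("original\n")
        os.symlink(victim, os.path.join(d, "planted.md"))
        try:
            write_private(d, "planted.md", "overwritten\n")
            refused = False
        except FileExistsError:
            refused = True
        with open(victim, encoding="utf-8") as fh:
            intact = fh.read() == "original\n"
        return {"file_mode": stat.S_IMODE(os.lstat(out).st_mode),
                "symlink_refused": refused, "victim_intact": intact}
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    print(demo())
```

A directory that is group- or world-accessible, such as the 0755 directory in the description, is rejected with `PermissionError` before any file is created.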
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.8%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-46406
- cpe:2.3:a:anthropic:claude_code:2.1.100
- cpe:2.3:a:anthropic:claude_code:2.1.101
- cpe:2.3:a:anthropic:claude_code:2.1.104
- cpe:2.3:a:anthropic:claude_code:2.1.105
- cpe:2.3:a:anthropic:claude_code:2.1.107
- cpe:2.3:a:anthropic:claude_code:2.1.108
- cpe:2.3:a:anthropic:claude_code:2.1.109
- cpe:2.3:a:anthropic:claude_code:2.1.110
- cpe:2.3:a:anthropic:claude_code:2.1.111
- cpe:2.3:a:anthropic:claude_code:2.1.112
- cpe:2.3:a:anthropic:claude_code:2.1.113
- cpe:2.3:a:anthropic:claude_code:2.1.114
- cpe:2.3:a:anthropic:claude_code:2.1.116
- cpe:2.3:a:anthropic:claude_code:2.1.117
- cpe:2.3:a:anthropic:claude_code:2.1.118
- cpe:2.3:a:anthropic:claude_code:2.1.119
- cpe:2.3:a:anthropic:claude_code:2.1.120
- cpe:2.3:a:anthropic:claude_code:2.1.121
- cpe:2.3:a:anthropic:claude_code:2.1.122
- cpe:2.3:a:anthropic:claude_code:2.1.123
- cpe:2.3:a:anthropic:claude_code:2.1.126
- cpe:2.3:a:anthropic:claude_code:2.1.58
- cpe:2.3:a:anthropic:claude_code:2.1.59
- cpe:2.3:a:anthropic:claude_code:2.1.61
- cpe:2.3:a:anthropic:claude_code:2.1.62
- cpe:2.3:a:anthropic:claude_code:2.1.63
- cpe:2.3:a:anthropic:claude_code:2.1.64
- cpe:2.3:a:anthropic:claude_code:2.1.66
- cpe:2.3:a:anthropic:claude_code:2.1.68
- cpe:2.3:a:anthropic:claude_code:2.1.69
- cpe:2.3:a:anthropic:claude_code:2.1.70
- cpe:2.3:a:anthropic:claude_code:2.1.71
- cpe:2.3:a:anthropic:claude_code:2.1.72
- cpe:2.3:a:anthropic:claude_code:2.1.73
- cpe:2.3:a:anthropic:claude_code:2.1.74
- cpe:2.3:a:anthropic:claude_code:2.1.75
- cpe:2.3:a:anthropic:claude_code:2.1.76
- cpe:2.3:a:anthropic:claude_code:2.1.77
- cpe:2.3:a:anthropic:claude_code:2.1.78
- cpe:2.3:a:anthropic:claude_code:2.1.79
- cpe:2.3:a:anthropic:claude_code:2.1.80
- cpe:2.3:a:anthropic:claude_code:2.1.81
- cpe:2.3:a:anthropic:claude_code:2.1.83
- cpe:2.3:a:anthropic:claude_code:2.1.84
- cpe:2.3:a:anthropic:claude_code:2.1.85
- cpe:2.3:a:anthropic:claude_code:2.1.86
- cpe:2.3:a:anthropic:claude_code:2.1.87
- cpe:2.3:a:anthropic:claude_code:2.1.88
- cpe:2.3:a:anthropic:claude_code:2.1.89
- cpe:2.3:a:anthropic:claude_code:2.1.90
- cpe:2.3:a:anthropic:claude_code:2.1.91
- cpe:2.3:a:anthropic:claude_code:2.1.92
- cpe:2.3:a:anthropic:claude_code:2.1.94
- cpe:2.3:a:anthropic:claude_code:2.1.96
- cpe:2.3:a:anthropic:claude_code:2.1.97
- cpe:2.3:a:anthropic:claude_code:2.1.98