CVE-2026-24887 is an OS command injection vulnerability classified under CWE-78 and CWE-94 affecting anthropics' Claude Code, an agentic coding tool designed to assist with code generation and execution. The vulnerability arises from improper neutralization of special elements in OS commands, specifically within the parsing of the find command. Prior to version 2.0.72, Claude Code's confirmation prompt intended to prevent untrusted command execution could be bypassed due to an error in command parsing logic. This flaw allows an attacker to inject malicious commands that are executed on the underlying operating system. Successful exploitation requires the attacker to inject untrusted content into the Claude Code context window, which then gets processed without proper sanitization or validation. The vulnerability does not require privileges or authentication but does require user interaction to trigger the command execution. The CVSS 4.0 base score is 7.7, reflecting high severity with network attack vector, low attack complexity, partial attack prerequisites, and partial user interaction. The vulnerability impacts confidentiality, integrity, and availability by enabling arbitrary command execution, potentially leading to data theft, system compromise, or denial of service. The issue has been addressed in version 2.0.72 by correcting the command parsing and enforcing proper validation to prevent bypass of the confirmation prompt. No known exploits have been reported in the wild as of the publication date.

For European organizations, this vulnerability poses a significant risk especially for those relying on Claude Code in their software development or automation workflows. Exploitation could lead to unauthorized execution of arbitrary commands on developer machines or build servers, potentially compromising sensitive source code, intellectual property, and internal systems. The ability to bypass confirmation prompts increases the risk of stealthy attacks. Organizations in sectors such as finance, technology, and critical infrastructure that use Claude Code could face data breaches, operational disruptions, or supply chain compromises. The vulnerability's network attack vector means attackers could exploit it remotely if they can inject untrusted content, increasing the attack surface. Given the high severity and potential for widespread impact, failure to patch could result in significant operational and reputational damage.

European organizations should immediately upgrade all instances of Claude Code to version 2.0.72 or later to remediate the vulnerability. Until upgrade is possible, restrict the ability to inject untrusted content into Claude Code context windows by implementing strict input validation and sanitization controls. Limit access to Claude Code environments to trusted users and networks, employing network segmentation and access controls to reduce exposure. Monitor logs and command execution traces for unusual or unauthorized activity indicative of exploitation attempts. Educate developers and users about the risks of executing untrusted code and the importance of applying security updates promptly. Additionally, consider deploying endpoint detection and response (EDR) solutions capable of detecting anomalous command executions. Regularly review and audit software development tools for security updates and vulnerabilities to maintain a secure development environment.