📄 Description (English)
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.72.
🤖 AI Executive Summary
Claude Code versions prior to 2.0.72 contain a command injection vulnerability (CWE-78) that allows attackers to bypass security confirmation prompts and execute arbitrary commands through the find command. With a CVSS score of 8.8, this vulnerability requires attackers to inject untrusted content into the Claude Code context window. The vulnerability has been patched in version 2.0.72, and immediate patching is recommended for all organizations using Claude Code in development environments.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 22, 2026 18:44
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi technology companies, software development firms, and government IT departments that utilize Claude Code for development and automation tasks. High-risk sectors include: (1) Banking and Financial Services (SAMA-regulated institutions) using Claude Code for backend development; (2) Government agencies (NCA oversight) employing AI-assisted coding tools; (3) Telecommunications companies (STC, Mobily) integrating Claude Code into development pipelines; (4) Energy sector (ARAMCO, KAEC) using AI tools for infrastructure automation; (5) Healthcare organizations developing digital health solutions. The vulnerability is particularly concerning as it could allow supply chain attacks through compromised code repositories or collaborative development environments.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy and Utilities
Healthcare
Technology and Software Development
Defense and Security
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Claude Code installations across your organization using version tracking tools and software inventory systems
2. Disable Claude Code usage in production and critical development environments until patching is complete
3. Review recent Claude Code execution logs for suspicious command patterns or unauthorized find command usage
4. Audit all code generated by Claude Code in the past 30 days for potential malicious payloads
PATCHING GUIDANCE:
1. Upgrade Claude Code to version 2.0.72 or later immediately
2. Verify patch installation by checking version numbers in all development environments
3. Test patched version in non-production environments before full deployment
4. Document patch deployment across all systems
COMPENSATING CONTROLS (if immediate patching not possible):
1. Restrict Claude Code usage to isolated development environments with network segmentation
2. Implement strict input validation and sanitization for all Claude Code context windows
3. Monitor and log all Claude Code command executions
4. Disable find command functionality if possible through configuration
5. Implement application whitelisting to prevent unauthorized command execution
DETECTION RULES:
1. Monitor for find command execution with unusual parameters or syntax
2. Alert on Claude Code processes spawning shell commands without user confirmation
3. Track execution of commands with special characters or escape sequences in Claude Code contexts
4. Monitor for rapid successive command executions from Claude Code instances
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع تثبيتات Claude Code عبر مؤسستك باستخدام أدوات تتبع الإصدارات وأنظمة جرد البرامج
2. تعطيل استخدام Claude Code في بيئات الإنتاج والتطوير الحرجة حتى اكتمال التصحيح
3. مراجعة سجلات تنفيذ Claude Code الحديثة للبحث عن أنماط أوامر مريبة أو استخدام أمر البحث غير المصرح به
4. تدقيق جميع الأكواد التي تم إنشاؤها بواسطة Claude Code في آخر 30 يومًا للبحث عن حمولات ضارة محتملة
إرشادات التصحيح:
1. ترقية Claude Code إلى الإصدار 2.0.72 أو أحدث على الفور
2. التحقق من تثبيت التصحيح بفحص أرقام الإصدارات في جميع بيئات التطوير
3. اختبار الإصدار المصحح في بيئات غير الإنتاج قبل النشر الكامل
4. توثيق نشر التصحيح عبر جميع الأنظمة
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكنًا):
1. تقييد استخدام Claude Code على بيئات التطوير المعزولة مع تقسيم الشبكة
2. تنفيذ التحقق الصارم من صحة المدخلات وتطهيرها لجميع نوافذ سياق Claude Code
3. مراقبة وتسجيل جميع عمليات تنفيذ أوامر Claude Code
4. تعطيل وظيفة أمر البحث إن أمكن من خلال التكوين
5. تنفيذ قائمة بيضاء للتطبيقات لمنع تنفيذ الأوامر غير المصرح به
قواعد الكشف:
1. مراقبة تنفيذ أمر البحث مع معاملات أو بناء جملة غير عادي
2. التنبيه على عمليات Claude Code التي تولد أوامر shell بدون تأكيد المستخدم
3. تتبع تنفيذ الأوامر التي تحتوي على أحرف خاصة أو تسلسلات هروب في سياقات Claude Code
4. مراقبة عمليات التنفيذ المتتالية السريعة من مثيلات Claude Code
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies and Procedures
ECC 2024 A.6.1.1 - Access Control and Authentication
ECC 2024 A.12.2.1 - Change Management
ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.GV-1 - Organizational Context and Governance
SAMA CSF PR.AC-1 - Access Control and Authentication
SAMA CSF PR.PT-1 - Security Awareness and Training
SAMA CSF DE.CM-1 - Detection and Monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for Information Security
ISO 27001:2022 A.6.1 - Organization of Information Security
ISO 27001:2022 A.8.1 - User Endpoint Devices
ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities
🟣 PCI DSS v4.0
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 11.2 - Vulnerability Scanning
📦 Affected Products / CPE 1 entries
anthropic:claude_code