Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0154

NIXPKGS-2026-0154
published on 7 Feb 2026
Permalink CVE-2026-25725
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 1 day ago
  • @LeSuisse removed
    6 packages
    • claude-code-acp
    • claude-code-bin
    • claude-code-router
    • gnomeExtensions.claude-code-switcher
    • vscode-extensions.anthropic.claude-code
    • gnomeExtensions.claude-code-usage-indicator
    2 weeks ago
  • @LeSuisse removed
    8 maintainers
    • @omarjatoi
    • @malob
    • @markus1189
    • @storopoli
    • @xiaoxiangmoe
    • @mirkolenz
    • @Prince213
    • @honnip
    2 weeks ago
  • @LeSuisse accepted 2 weeks ago
  • @LeSuisse published on GitHub 2 weeks ago
Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent hooks (such as SessionStart commands) that would execute with host privileges when Claude Code was restarted. This issue has been patched in version 2.1.2.

Affected products

claude-code
  • ==< 2.1.2

Matching in nixpkgs

Package maintainers

Ignored maintainers (3) 
Upstream advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf