Claude Code CVE-2026-39861:sandbox escape via symlink (github.com)

Claude Code recently addressed a critical security vulnerability, CVE-2026-39861, involving a sandbox escape through symbolic links (symlinks). The issue allowed sandboxed processes to create symlinks that pointed to external locations, enabling unsandboxed processes to write data outside the designated workspace without user confirmation. This breach posed significant risks, as it could lead to arbitrary code execution outside the intended security boundaries, undermining the protections typically offered by the sandbox environment. For the AI/ML community, this incident highlights the importance of robust sandboxing mechanisms to protect against potential exploitation. The ability to leverage prompt injection for code execution emphasizes the need for stringent security practices in developing AI applications that handle untrusted content. Claude Code has rolled out an automatic patch for users who employ standard auto-update features, while those who manually update are encouraged to upgrade to the latest version to mitigate the risks associated with this vulnerability.