tag: Developer-Tools · 1 items
- Engineer — Act: Public PoC exists for a symlink-based sandbox escape in Claude Code, which engineers and CI/CD pipelines commonly run; update Claude Code to the patched release immediately and audit any pipelines that invoke it with elevated filesystem access.
- SOC/IR — Learn: Low EPSS (0.01) and no active exploitation campaign; no IOCs or ATT&CK-mappable TTPs are provided, but the symlink sandbox-escape technique is worth noting if Claude Code runs in monitored developer environments.
- Leader — Skip
- Signals: CVE-2026-39861 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub