CuraSec

tag: Sandbox-Escape · 1 items

  • Engineer — Act: Public PoC exists for a symlink-based sandbox escape in Claude Code, which engineers and CI/CD pipelines commonly run; update Claude Code to the patched release immediately and audit any pipelines that invoke it with elevated filesystem access.
  • SOC/IR — Learn: Low EPSS (0.01) and no active exploitation campaign; no IOCs or ATT&CK-mappable TTPs are provided, but the symlink sandbox-escape technique is worth noting if Claude Code runs in monitored developer environments.
  • Leader — Skip
  • Signals: CVE-2026-39861 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub