<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Sandbox-Escape on CuraSec</title><link>https://curasec.metacog.co.kr/tags/sandbox-escape/</link><description>Recent content in Sandbox-Escape on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/sandbox-escape/index.xml" rel="self" type="application/rss+xml"/><item><title>Claude Code CVE-2026-39861: sandbox escape via symlink</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-claude-code-cve-2026-39861-sandbox-escape-via-symlink/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-claude-code-cve-2026-39861-sandbox-escape-via-symlink/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Act:&lt;/strong> Public PoC exists for a symlink-based sandbox escape in Claude Code, which engineers and CI/CD pipelines commonly run; update Claude Code to the patched release immediately and audit any pipelines that invoke it with elevated filesystem access.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> Low EPSS (0.01) and no active exploitation campaign; no IOCs or ATT&amp;amp;CK-mappable TTPs are provided, but the symlink sandbox-escape technique is worth noting if Claude Code runs in monitored developer environments.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2026-39861 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub&lt;/li>
&lt;/ul></description></item></channel></rss>