Claude Code Security Patterns

Common security vulnerabilities in code generated by Claude Code AI

Quick Answer

Claude Code has 3 documented CVEs (CVSS up to 8.8) and generates code with missing input validation. Security issues include command injection via malicious repositories (CVE-2025-54795), path traversal (CVE-2025-54794), and MCP WebSocket bypasses (CVE-2025-52882). Review all AI-generated code before deployment.

Known CVEs: 3 | Highest CVSS: 8.8 | Code patterns: 5 | Tool type: CLI

About Claude Code

Claude Code is Anthropic's official CLI tool for code generation and editing. It is built on Claude 3.5 Sonnet and later models, designed specifically for software development tasks including writing, refactoring, and debugging code.

Claude Code is more deliberate about security than many AI coding tools. It sometimes adds authentication checks, uses parameterized queries, and considers edge cases without explicit prompting. However, like all AI assistants, it still generates patterns that prioritize functionality over comprehensive security. The common issues align with OWASP Top 10 categories including A04:2021 Insecure Design. Vibe coders should still review Claude Code output before deploying to production.

Known CVEs in Claude Code

Claude Code has 3 documented CVEs as of 2025. These vulnerabilities were disclosed as part of the IDEsaster research into AI coding tools. All have been patched in recent versions.

Command Injection via Malicious Repositories (CVE-2025-54795)

Attackers could embed malicious code in repository files that would execute shell commands when Claude Code processed them. This could lead to arbitrary code execution on the developer's machine.

CWE: CWE-78 (Command Injection) Status: Patched

Path Restriction Bypass (CVE-2025-54794)

A vulnerability allowed Claude Code to access files outside the intended working directory. Attackers could read or modify sensitive files on the developer's system.

CWE: CWE-22 (Path Traversal) Status: Patched

MCP WebSocket Authentication Bypass (CVE-2025-52882)

The Model Context Protocol (MCP) WebSocket implementation had an authentication bypass vulnerability. Malicious websites could connect to the local MCP server and execute commands without proper authorization.

CWE: CWE-287 (Improper Authentication) Status: Patched

Action required: Ensure you're running the latest version of Claude Code. Check for updates with claude --version and update via your package manager.

Security Patterns in Generated Code

Beyond tool-level CVEs, these are the most common security issues we see in vibe coded projects using Claude Code:

Missing Input Validation

Severity: High

Claude Code generates API endpoints that accept request data without validating types, formats, or constraints. This can lead to type coercion bugs, database errors, or injection vulnerabilities.

VULNERABLE
// Claude Code often generates this:
app.post('/api/user/profile', async (req, res) => {
  const { userId, email, bio } = req.body;
  const result = await db.users.update({
    where: { id: userId },
    data: { email, bio }
  });
  res.json({ success: true, user: result });
});
SECURE
// Secure version with Zod validation:
import { z } from 'zod';

const schema = z.object({
  userId: z.string().uuid(),
  email: z.string().email().max(255),
  bio: z.string().max(500).optional()
});

app.post('/api/user/profile', async (req, res) => {
  // safeParse reports failures instead of throwing. schema.parse() would throw a
  // ZodError which, in an async Express 4 handler, surfaces as an unhandled
  // rejection or a generic 500 rather than a clean 400 for the caller.
  const parsed = schema.safeParse(req.body);
  if (!parsed.success) {
    return res.status(400).json({ error: 'Invalid request body', issues: parsed.error.flatten() });
  }
  // Only the fields declared in the schema reach the database layer.
  const { userId, email, bio } = parsed.data;
  const result = await db.users.update({
    where: { id: userId },
    data: { email, bio }
  });
  res.json({ success: true, user: result });
});
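The same constraints as the Zod schema above, written as a dependency-free validator so the rejection behaviour can be seen without installing zod. This is an added example, not code from the original page; the function name is hypothetical and the point it makes is that values are rejected rather than coerced, and unknown keys are dropped before anything reaches the query layer.

```javascript
// Added example (not from the original page): dependency-free equivalent of the
// Zod schema for the profile endpoint. Constructed inputs are used in the checks.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Returns { ok: true, value } or { ok: false, errors }.
// Only plain string fields are accepted: numbers, arrays and objects are
// rejected instead of coerced, which keeps operator-style payloads such as
// { userId: { "$ne": null } } from ever being passed to db.users.update().
function validateProfileUpdate(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  const { userId, email, bio } = body;
  if (typeof userId !== 'string' || !UUID_RE.test(userId)) {
    errors.push('userId must be a UUID string');
  }
  if (typeof email !== 'string' || email.length > 255 || !EMAIL_RE.test(email)) {
    errors.push('email must be a valid address of at most 255 characters');
  }
  if (bio !== undefined && (typeof bio !== 'string' || bio.length > 500)) {
    errors.push('bio must be a string of at most 500 characters');
  }
  if (errors.length) return { ok: false, errors };
  // Return only the declared fields: extra keys (e.g. role) are dropped, not
  // forwarded to the update call.
  return { ok: true, value: { userId, email, bio } };
}

// Express-style handler (hypothetical `db`): validation failure becomes a 400
// rather than an exception bubbling out of the async handler.
function makeProfileHandler(db) {
  return async (req, res) => {
    const v = validateProfileUpdate(req.body);
    if (!v.ok) return res.status(400).json({ errors: v.errors });
    const { userId, email, bio } = v.value;
    const user = await db.users.update({ where: { id: userId }, data: { email, bio } });
    return res.json({ success: true, user });
  };
}
```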

Verbose Error Messages

Severity: Medium

Claude Code generates error handlers that expose internal details like stack traces, SQL queries, and file paths. This information helps attackers understand system internals.

VULNERABLE
// Claude Code might generate:
app.post('/api/data', async (req, res) => {
  try {
    const result = await db.query(sql);
  } catch (error) {
    res.status(500).json({
      error: error.message,
      stack: error.stack,
      query: error.sql
    });
  }
});
SECURE
// Secure version with sanitized errors:
app.post('/api/data', async (req, res) => {
  try {
    const result = await db.query(sql);
    res.json({ data: result });
  } catch (error) {
    // Full detail (message, stack, failing statement) stays in the server log,
    // correlated by request id; the client receives only the id to quote back.
    logger.error('Query failed', { error, requestId: req.id });
    res.status(500).json({
      error: 'An error occurred',
      requestId: req.id
    });
  }
});
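The split between what is logged and what is returned, as an added example that is not part of the original page: a mapper that sends a generic body for anything unexpected and echoes only a deliberately client-safe error class. `ValidationError`, `toClientResponse`, `errorHandler` and the `logger` shape are hypothetical.

```javascript
// Added example (not from the original page): keep internals in the log,
// send the client a generic message plus a correlation id.
class ValidationError extends Error {
  constructor(message) {
    super(message);
    this.name = 'ValidationError';
    this.status = 400;
  }
}

// Returns { status, body, logRecord }. Only ValidationError messages are echoed
// back; every other error becomes a generic 500, so a driver's error.message
// (which may contain the failing query or a file path) never reaches the client.
function toClientResponse(error, requestId) {
  const logRecord = {
    requestId,
    name: error && error.name,
    message: error && error.message,
    stack: error && error.stack,
    sql: error && error.sql, // some database drivers attach the failing statement
  };
  if (error instanceof ValidationError) {
    return { status: 400, body: { error: error.message, requestId }, logRecord };
  }
  return { status: 500, body: { error: 'An error occurred', requestId }, logRecord };
}

// Express-style error middleware; `logger` is assumed to expose error(msg, fields).
function errorHandler(logger) {
  return (error, req, res, next) => {
    const { status, body, logRecord } = toClientResponse(error, req.id);
    logger.error('Request failed', logRecord);
    res.status(status).json(body);
  };
}
```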

Missing Rate Limiting

Severity: High

Claude Code creates authentication endpoints without rate limiting. This allows brute force attacks on login, password reset, and registration endpoints.

VULNERABLE
// Claude Code generates functional but unprotected routes:
export default async function handler(req, res) {
  const { username, password } = req.body;
  const user = await authenticateUser(username, password);

  if (!user) {
    return res.status(401).json({ error: 'Invalid credentials' });
  }

  return res.json({ token: generateToken(user) });
}
SECURE
// With rate limiting:
import rateLimit from 'express-rate-limit';

const loginLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 5, // 5 attempts per window, keyed by client IP by default
  message: 'Too many attempts, try again later'
});
// Behind a reverse proxy or load balancer, configure Express's trust proxy
// setting so the limiter keys on the real client address, not the proxy's.

app.post('/api/login', loginLimiter, async (req, res) => {
  const { username, password } = req.body;
  const user = await authenticateUser(username, password);

  if (!user) {
    return res.status(401).json({ error: 'Invalid credentials' });
  }

  return res.json({ token: generateToken(user) });
});
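What the middleware above does internally, as an added example that is not part of the original page: a sliding-window limiter with an injectable clock, applied both per source address and per targeted account. `SlidingWindowLimiter` and `makeLoginGuard` are hypothetical names; a production deployment would back the Map with a shared store such as Redis.

```javascript
// Added example (not from the original page): sliding-window login limiter.
class SlidingWindowLimiter {
  constructor({ windowMs, limit, now = () => Date.now() }) {
    this.windowMs = windowMs;
    this.limit = limit;
    this.now = now;                 // injectable clock for deterministic checks
    this.hits = new Map();          // key -> timestamps of attempts inside the window
  }
  // Records one attempt for `key` and reports whether it is still within limit.
  attempt(key) {
    const t = this.now();
    const recent = (this.hits.get(key) || []).filter(ts => t - ts < this.windowMs);
    recent.push(t);
    this.hits.set(key, recent);
    const allowed = recent.length <= this.limit;
    const retryAfterMs = allowed ? 0 : recent[0] + this.windowMs - t;
    return { allowed, remaining: Math.max(0, this.limit - recent.length), retryAfterMs };
  }
}

// Two keys: per IP catches one host guessing many accounts; per username catches
// many hosts guessing one account. The per-user limit can be turned into a
// lockout of the victim, so keep it generous or answer with step-up (e.g. a
// CAPTCHA) rather than a hard block in production.
function makeLoginGuard({ perIp, perUser }) {
  return (ip, username) => {
    const a = perIp.attempt(`ip:${ip}`);
    const b = perUser.attempt(`user:${String(username).toLowerCase()}`);
    if (!a.allowed || !b.allowed) {
      return { status: 429, retryAfterMs: Math.max(a.retryAfterMs, b.retryAfterMs) };
    }
    return { status: 200 };
  };
}
```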

Overly Permissive CORS

Severity: High

Claude Code may set CORS to allow all origins when you ask for API endpoints accessible from the frontend. This exposes APIs to cross-origin attacks.

VULNERABLE
// Claude Code might generate:
import cors from 'cors';

app.use(cors({
  origin: '*',
  credentials: true
}));
SECURE
// Secure version with origin allowlist:
import cors from 'cors';

// Full origin strings (scheme + host + port), compared exactly with includes();
// never use startsWith() or a substring check here.
const allowedOrigins = ['https://app.example.com', 'https://example.com'];

app.use(cors({
  origin: (origin, callback) => {
    // `origin` is undefined when the request carries no Origin header
    // (same-origin navigation, curl, server-to-server), so no CORS grant is needed
    if (!origin || allowedOrigins.includes(origin)) {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  },
  credentials: true
}));
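The allowlist decision pulled out into a pure function so its edge cases can be checked, as an added example that is not code from the original page. The two allowlist entries are the page's; `isAllowedOrigin` and `corsOptions` are hypothetical names, and the check relies on `URL.origin` normalising case and default ports.

```javascript
// Added example (not from the original page): exact-match origin allowlisting.
const allowedOrigins = ['https://app.example.com', 'https://example.com'];

// Decides whether an Origin header value may be granted CORS access.
// Matching is exact on the normalised origin. A prefix check such as
// origin.startsWith('https://example.com') would also admit
// https://example.com.evil.example, and a substring check for 'example.com'
// would admit https://notexample.com.
function isAllowedOrigin(origin, allowlist = allowedOrigins) {
  if (origin === undefined) return true;     // no Origin header: nothing to grant
  if (typeof origin !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(origin);                  // rejects "null" and junk values
  } catch {
    return false;
  }
  // URL.origin lowercases the host and drops default ports, so
  // https://APP.example.com:443 compares as https://app.example.com.
  // Opaque origins (file://, sandboxed frames) normalise to the string 'null'.
  if (parsed.origin === 'null') return false;
  return allowlist.includes(parsed.origin);
}

// Options object for the cors package. With credentials: true a permitted
// origin can read cookie-authenticated responses, which is why the match must
// be exact rather than a pattern.
function corsOptions(allowlist = allowedOrigins) {
  return {
    origin: (origin, callback) => {
      if (isAllowedOrigin(origin, allowlist)) callback(null, true);
      else callback(new Error('Not allowed by CORS'));
    },
    credentials: true,
  };
}
```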

Client-Side Only Validation

Severity: High

Claude Code may add form validation only on the client side, which attackers can bypass by calling the API directly.

VULNERABLE
// Client validation only:
const handleSubmit = () => {
  if (!email.includes('@')) {
    setError('Invalid email');
    return;
  }
  // Submits to API that has no validation
  fetch('/api/register', {
    method: 'POST',
    body: JSON.stringify({ email })
  });
}

// Server trusts client validation:
export async function POST({ request }) {
  const { email } = await request.json();
  await db.users.create({ data: { email } });
  return json({ success: true });
}
SECURE
// Client validation (UX):
const handleSubmit = () => {
  if (!email.includes('@')) {
    setError('Invalid email');
    return;
  }
  fetch('/api/register', {
    method: 'POST',
    body: JSON.stringify({ email })
  });
}

// Server also validates (security), in the route handler file:
import { z } from 'zod';

export async function POST({ request }) {
  const { email } = await request.json();

  // The client check above is convenience only; this is the check that holds
  // when the API is called directly. z.string().email() also rejects non-strings.
  if (!email || !z.string().email().safeParse(email).success) {
    return json({ error: 'Invalid email' }, { status: 400 });
  }

  await db.users.create({ data: { email } });
  return json({ success: true });
}

Why Claude Code generates these patterns

Claude Code generates these security patterns for the same fundamental reasons all AI coding tools do:

  • Training data patterns: AI models learn from millions of code examples. Many tutorials and Stack Overflow answers prioritize clarity and quick solutions over security best practices
  • Functionality first: AI optimizes for code that works immediately. Security features like rate limiting and input validation add complexity that may not be evident in initial testing
  • Implicit requirements: When vibe coding, "create an API endpoint" does not automatically imply "with rate limiting, input validation, and sanitized errors" to an AI model
  • Context limitations: AI may not have full context about your threat model, compliance requirements, or production environment constraints

That said, Claude Code is more likely than competing tools to add basic security patterns like parameterized queries and authentication checks without explicit prompting. This is because Claude models have been trained with more emphasis on helpful, harmless, and honest outputs.

How to use Claude Code securely

  1. Be explicit about security requirements in prompts:

    Instead of "create a user registration API," say "create a user registration API with email validation using Zod, rate limiting at 3 attempts per 15 minutes, and sanitized error messages."

  2. Review generated code before committing:

    Look for missing input validation, verbose error messages, missing rate limiting, and overly permissive CORS configurations.

  3. Use Claude Code to fix its own issues:

    Paste fix prompts from this knowledge base into Claude Code and ask it to refactor the vulnerable code. Claude Code is effective at applying security fixes when given clear instructions.

  4. Scan your codebase before deployment:

    Run Vibeship Scanner to catch vulnerabilities that may have slipped through review.

Frequently asked questions

Is Claude Code secure?

Claude Code has 3 documented CVEs (CVE-2025-54795, CVE-2025-54794, CVE-2025-52882) with CVSS scores up to 8.8. These have been patched, so keep your installation updated. The tool is more security-conscious than some competitors but still generates code that requires security review before deployment.

What security issues does Claude Code have?

At the tool level, Claude Code has had command injection, path traversal, and MCP authentication bypass vulnerabilities. For generated code, common issues include missing input validation, verbose error messages, missing rate limiting, and overly permissive CORS configurations.

Is Claude Code safer than Cursor?

Both tools have documented CVEs from the IDEsaster research. Claude Code has 3 CVEs (CVSS up to 8.8), while Cursor has documented vulnerabilities as well. Both require security review. Claude Code shows slightly more security awareness in generated code patterns.

How do I use Claude Code securely?

Keep Claude Code updated to patch known CVEs. Be explicit about security requirements in prompts. Instead of "create an API endpoint," say "create an API endpoint with input validation, rate limiting, and proper error handling." Review generated code before committing.

Can Claude Code fix security issues?

Yes. Claude Code is effective at refactoring code to fix security issues once you point them out. You can paste AI fix prompts from this knowledge base directly into Claude Code and ask it to apply the fixes to your codebase.
