Claude Code: Sandbox Escape via Symlink Following (GHSA-vp62-r36r-9xqp)

Source: GitHub Security Advisory Date: 2026-04-21 (published) Severity: HIGH

Summary

New Claude Code vulnerability: sandbox escape via symlink following allows arbitrary file write outside workspace. GHSA-vp62-r36r-9xqp. Fifth dimension of the Claude Code security surface — now including symlink-based sandbox escapes alongside the existing code vulnerabilities (CVE chain), integration vulnerabilities (hooks RCE), trust vulnerabilities (social engineering), and configuration vulnerabilities (system-wide loading).

Implications

The Claude Code security surface continues to expand. This is the most direct sandbox escape yet — symlink following is a classic attack vector that suggests the sandboxing implementation has gaps in path canonicalization. The timing (same day as the Copilot billing shock and Claude Code Pro removal test) makes this easy to miss. Combined with the existing unpatched CVE-2026-35020/35021/35022 credential exfiltration chain, the security posture remains the primary concern for enterprise deployment.