CVE-2026-39861 is a sandbox escape in Claude Code, patched in version 2.1.64. The vulnerability allows file writes to land outside the workspace directory by exploiting symbolic link following across two Claude Code processes. Reported by security researcher philts via HackerOne, tracked as GHSA-vp62-r36r-9xqp. If you use Claude Code below 2.1.64, update immediately. The Mechanism Claude Code sandboxes write operations to the current workspace directory. CVE-2026-39861 bypasses this using two processes: A sandboxed process creates a symbolic link inside the workspace. The symlink points outside the workspace boundary. Creating a symlink inside the workspace is permitted, so the sandbox allows it. A separate, unsandboxed process writes through that symlink. It does not re-validate the resolved path. It sees a path inside the workspace and writes to it. The write lands at the symlink's target, outside the sandbox. The root cause: the sandbox checks the declared path at creation time but not at resolution time.…