[BUG] Security validation incorrectly blocks access to allowed folder

Resolved 💬 3 comments Opened Sep 16, 2025 by Dasio Closed Sep 16, 2025

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Bash tool's security validation incorrectly blocks access to files in Kubernetes ConfigMap/Secret mounts that contain .. in timestamped directory names, even when the resolved path is within allowed directories.

What Should Happen?

Claude code shouldn't block it

Error Messages/Logs

grep in '/root/<folder>/..2025_09_16_10_04_14.3134483424/<file>.yaml' was blocked. For security, Claude Code may only search for patterns in files from the allowed working directories for this session: '/tmp/session-565b3c6d', '/root/<folder>'.

Steps to Reproduce

claude --add-dir=/root/<folder> -p 'run grep -E "name:" /root/<folder>/<file>.yaml' --output-format=stream-json --verbose

file structure

ls -la
total 1
drwxrwxrwt 3 root root  260 Sep 16 10:04 .
drwx------ 1 root root 4096 Sep 16 10:34 ..
drwxr-xr-x 2 root root  220 Sep 16 10:04 ..2025_09_16_10_04_14.3134483424
lrwxrwxrwx 1 root root   32 Sep 16 10:04 ..data -> ..2025_09_16_10_04_14.3134483424
lrwxrwxrwx 1 root root   19 Sep 16 10:04 <file>.yaml -> ..data/<file>.yaml

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

1.0.115

Platform

Google Vertex AI

Operating System

Other Linux

Terminal/Shell

Non-interactive/CI environment

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗