diff --git a/claude/Dockerfile b/claude/Dockerfile
index 915f271..cd9cce4 100644
--- a/claude/Dockerfile
+++ b/claude/Dockerfile
@@ -1,5 +1,9 @@
 FROM node:20-alpine
 
+# Upgrade npm to pull in patched bundled deps (cross-spawn, glob, minimatch, tar)
+# CVEs: CVE-2024-21538, CVE-2025-64756, CVE-2026-26996/27903/27904, CVE-2026-23745/23950/24842/26960/29786/31802
+RUN npm install -g npm@latest
+
 # Install runtime dependencies
 RUN apk add --no-cache \
   git \