Anthropic silently patched Claude Code sandbox bypass enabling outbound network policy evasion

SecurityWeek reports that Anthropic patched a Claude Code network sandbox bypass caused by a SOCKS5 hostname null-byte injection flaw that could let attackers evade outbound allowlist restrictions and exfiltrate data. Researcher Aonan Guan said the issue affected Claude Code from October 20, 2025 until fixes shipped in Claude Code 2.1.88/2.1.90 in March-April 2026. The article also references an earlier related bypass, CVE-2025-66479, involving outbound policy misinterpretation.
Why it matters: Organizations using Claude Code in production may have relied on sandboxing to prevent agent-driven data exfiltration, especially in prompt-injection scenarios. Users should update Claude Code and review whether sensitive credentials, tokens, or environment data could have been exposed through sandbox bypasses.

Sources

Even Claude agrees: hole in its sandbox was real and dangerous
2026.05.20
This article covers the same underlying event: Anthropic's silent patch of a Claude Code sandbox bypass caused by a SOCKS5 hostname null-byte injection flaw. It adds detail on impact, including possible exfiltration of GitHub and cloud credentials, the patch version timeline, and the researcher's criticism that Anthropic issued no CVE or Claude Code-specific advisory.
Anthropic Silently Patches Claude Code Sandbox Bypass
Eduard Kovacs 2026.05.20
This article establishes a distinct security story about a specific Claude Code sandbox bypass and Anthropic's handling and remediation of the flaw.