Anthropic's Claude Code, an AI programming tool, has been found to contain a significant security vulnerability in its network sandbox feature. Independent researcher Aonan Guan discovered an empty byte injection attack in the SOCKS5 protocol, allowing unauthorized access to restricted hosts. This flaw has been present since the sandbox's launch in October 2025, affecting all versions until a silent patch was applied on April 1, 2026. Despite the severity, Anthropic has not issued a security advisory or CVE, leaving users unaware of the risk.
The vulnerability exploits a discrepancy in how JavaScript and C handle null bytes, enabling attackers to bypass domain restrictions. This issue, combined with a previously disclosed prompt injection attack, poses a significant threat to sensitive data security. Anthropic's handling of the situation, including a lack of transparency and communication, has drawn criticism from the security community, highlighting the need for robust disclosure practices and effective security measures.
Claude Code AI Tool Exposed to Major Security Vulnerability
Haftungsausschluss: Die auf Phemex News bereitgestellten Inhalte dienen nur zu Informationszwecken.Wir garantieren nicht die Qualität, Genauigkeit oder Vollständigkeit der Informationen aus Drittquellen.Die Inhalte auf dieser Seite stellen keine Finanz- oder Anlageberatung dar.Wir empfehlen dringend, eigene Recherchen durchzuführen und einen qualifizierten Finanzberater zu konsultieren, bevor Sie Anlageentscheidungen treffen.