Skills
Claude Code Sandbox SOCKS5 Bypass: Second Silent Fix in Five Months — Null-Byte Injection Tricks Network Allowlist, No CVE Issued
Security researcher Aonan Guan discovered a SOCKS5 hostname null-byte injection that bypasses Claude Code's network sandbox allowlist filter, enabling exfiltration of credentials, source code, and private data to arbitrary servers. This is the second time in five months Anthropic has silently patched a sandbox bypass without issuing a CVE or security advisory. Developers running Claude Code should monitor updates closely and treat the sandbox as defense-in-depth, not a sole security boundary.
Source
↳ Follow the thread