Data Theft at Will! Major Vulnerability Exposed in This Popular AI Programming Tool
A critical vulnerability in Anthropic's Claude Code AI programming tool allowed attackers to bypass its network sandbox for over five months, enabling potential data exfiltration. Independent researcher Aonan Guan discovered a second complete bypass exploiting a null-byte injection in the SOCKS5 proxy. This flaw, present since the sandbox's launch in October 2025, let processes inside the sandbox access any host, contrary to user-configured domain whitelists.
The attack chain involved manipulating hostnames (e.g., `attacker.com\x00.google.com`). JavaScript's `endsWith()` check would pass `.google.com`, while the underlying C `getaddrinfo()` function would only parse `attacker.com` due to the null byte, creating a parser discrepancy. Combined with a previously disclosed prompt injection method, this could leak API keys, credentials, and internal data.
Anthropic silently fixed the issue in April 2026 without a security advisory, CVE, or user notification. The researcher noted that Claude Code itself confirmed the vulnerability's severity when tested. This incident highlights broader industry issues, as similar vulnerabilities found in Google's Gemini CLI and GitHub's Copilot Agent also lacked public disclosures. The report criticizes the false sense of security created by a broken sandbox and emphasizes the need for defense-in-depth and transparency in AI tool security.
marsbit10 saat önce
