Second Time Same Sandbox Anthropic Claude Code Network Allowlist Bypass Data Exfiltration
Source: oddguan.com
Published:
<p>The first time, the sandbox heard “allow nothing” and did “allow everything” ( CVE-2025-66479 ). This time, an attacker who runs code inside the sandbox can defeat any wildcard allowlist (e.g. *.google.com , *.anthropic.com ) with a single null byte in a SOCKS5 hostname:</p> <p>OS-level enforceme