oddguan.com
Critical Sandbox Bypass in Claude Code Exposes User Data
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Anthropic's Claude Code AI platform has been found to have a critical network sandbox bypass vulnerability, allowing attackers to exfiltrate sensitive data, including user credentials and source code. Discovered by researcher Aonan Guan, this flaw is the second complete bypass identified within six months. The attack method involves a SOCKS5 hostname null-byte injection that tricks the sandbox's allowlist filter. This vulnerability existed for over five months without a public advisory or CVE for the main product, only affecting the underlying sandbox-runtime library. The first bypass was documented as CVE-2025-66479, published on December 4, 2025. Users who configured the sandbox with wildcard allowlists were particularly at risk, as the sandbox failed to enforce network restrictions as documented. The issue has raised significant concerns about the reliability of the sandboxing mechanism in AI-assisted coding tools.
Key Points: • Claude Code's sandbox bypass allows exfiltration of sensitive user data. • The vulnerability was active for over five months without a public advisory. • A second bypass was discovered, raising concerns about the security of AI coding tools.