{"data":{"id":"9cec4060-9250-4dad-ae2c-75abb9f51eaa","title":"Anthropic Silently Patches Claude Code Sandbox Bypass","summary":"Anthropic patched a vulnerability in Claude Code's network sandbox (a restricted environment that controls where the AI can send data) that could have allowed attackers to bypass security controls and steal sensitive information. The vulnerability, called a SOCKS5 hostname null-byte injection issue (a trick where attackers hide a malicious server address using special characters to fool the security filter), was silently fixed in version 2.1.88 released on March 31, 2025, but was never publicly disclosed or assigned a tracking identifier.","solution":"The vulnerability was fixed in Claude Code version 2.1.88, released on March 31, 2025. According to Anthropic, the fix was included in a public commit to the 'sandbox-runtime' repository on March 27, 2025.","labels":["security"],"sourceUrl":"https://www.securityweek.com/anthropic-silently-patches-claude-code-sandbox-bypass/","publishedAt":"2026-05-20T13:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude","Claude Code","Google Gemini","GitHub Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-20T13:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":null,"llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}