Claude Code is still vulnerable to an attack Anthropic has already fixed
Summary
Claude Code has a vulnerability in how it handles commands with more than 50 subcommands (smaller operations within a larger command): the tool skips its security checks for every subcommand after the 50th and asks users to approve them without proper safety analysis. Attackers could exploit this by hiding malicious commands in legitimate-looking code repositories, potentially stealing user credentials and compromising entire software projects.
Solution / Mitigation
Anthropic has already developed a fix called the tree-sitter parser (a tool that analyzes code structure more carefully), which is included in the source code but has not been enabled in the public builds that customers currently use.
Original source: https://www.csoonline.com/article/4154201/claude-code-is-still-vulnerable-to-an-attack-anthropic-has-already-fixed-2.html
First tracked: April 3, 2026 at 02:00 PM