Anthropic Silently Patches Claude Code Sandbox Bypass
Summary
Anthropic patched a vulnerability in Claude Code's network sandbox (a restricted environment that controls where the AI can send data) that could have allowed attackers to bypass security controls and steal sensitive information. The vulnerability, called a SOCKS5 hostname null-byte injection issue (a trick where attackers hide a malicious server address using special characters to fool the security filter), was silently fixed in version 2.1.88 released on March 31, 2025, but was never publicly disclosed or assigned a tracking identifier.
Solution / Mitigation
The vulnerability was fixed in Claude Code version 2.1.88, released on March 31, 2025. According to Anthropic, the fix was included in a public commit to the 'sandbox-runtime' repository on March 27, 2025.
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/anthropic-silently-patches-claude-code-sandbox-bypass/
First tracked: May 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%