Anthropic quietly fixed two vulnerabilities in Claude Code's network sandbox that could have allowed attackers to bypass network restrictions and exfiltrate sensitive data. The second flaw, discovered by researcher Aonan Guan, involved a SOCKS5 null-byte injection trick that could fool the allowlist filter into permitting connections to unauthorized hosts. Guan has criticized Anthropic for lacking transparency, noting no CVE was assigned to his finding and no public disclosure or release notes warned users — though Anthropic states the fix was deployed before his bug bounty report was submitted.
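A defensive sketch of the class of check involved, added here as an example and not Anthropic's code or fix: it parses a SOCKS5 CONNECT request (RFC 1928, domain-name address type) and rejects any hostname carrying bytes outside the DNS label set, NUL included, before the allowlist comparison. The allowlist contents, function names and sample requests are assumptions constructed for illustration; the page does not describe the actual filter.

```python
import re

# Assumed allowlist for illustration; not Claude Code's actual configuration.
ALLOWED_HOSTS = {"api.example.com", "registry.example.org"}
# One DNS label: letters, digits, hyphen; 1-63 bytes; no leading/trailing hyphen.
_LABEL = re.compile(rb"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class RejectedRequest(ValueError):
    """Raised when a CONNECT request must be refused."""


def parse_connect_domain(request: bytes) -> tuple[str, int]:
    """Parse a SOCKS5 CONNECT request with ATYP=0x03 (domain name)."""
    if len(request) < 5 or request[:3] != b"\x05\x01\x00":
        raise RejectedRequest("not a SOCKS5 CONNECT request")
    if request[3] != 0x03:
        raise RejectedRequest("only domain-name destinations are handled here")
    name_len = request[4]
    if len(request) != 5 + name_len + 2:
        raise RejectedRequest("length field does not match request size")
    raw = request[5:5 + name_len]
    port = int.from_bytes(request[5 + name_len:], "big")
    # Validate the raw bytes before decoding or comparing, so the filter and
    # the resolver can never disagree about where the hostname ends.
    if len(raw) > 253 or not all(_LABEL.fullmatch(l) for l in raw.split(b".")):
        raise RejectedRequest("hostname contains bytes outside the DNS label set")
    return raw.decode("ascii").lower(), port


def check_destination(request: bytes) -> tuple[str, int]:
    host, port = parse_connect_domain(request)
    if host not in ALLOWED_HOSTS:  # exact match, no suffix or prefix matching
        raise RejectedRequest(f"{host!r} is not on the allowlist")
    return host, port  # the caller connects using exactly this validated value


def build_request(host: bytes, port: int) -> bytes:
    """Constructed sample input: a SOCKS5 CONNECT request for a domain name."""
    return bytes([0x05, 0x01, 0x00, 0x03, len(host)]) + host + port.to_bytes(2, "big")


def is_allowed(request: bytes) -> bool:
    try:
        check_destination(request)
        return True
    except RejectedRequest:
        return False
```

The point of the design is that the string the allowlist approves is the same string handed to the resolver, with nothing re-parsed from the raw request afterwards.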