Anthropic has quietly patched a vulnerability that could have allowed an attacker to bypass Claude Code’s network sandbox and exfiltrate data, according to SecurityWeek. The researcher who found it said two sandbox bypasses were identified. One, tracked as CVE-2025-66479, involved the sandbox misinterpreting a setting meant to block outbound traffic as ‘allow everything’. That issue was fixed with an update released on 26 November 2025.
A second bypass, described as a SOCKS5 hostname null-byte injection, was found by the same researcher. It was present from 20 October 2025, when Claude Code became generally available, until the release of version 2.1.90 in April 2026, around the time Guan reported it through Anthropic’s HackerOne bug bounty programme. Guan criticised the lack of a CVE for Claude Code itself and noted that CVE-2025-66479 was assigned to the sandbox-runtime library rather than to Claude Code.