An accidental leak of Claude Code reveals a serious security vulnerability, after Anthropic mistakenly published a large portion of the code for its programming tool on March 31.
This leak allowed analysts to reconstruct about 512,000 lines of code, which provided a clear picture of how the tool works, and made it easier to search for weak points or create fake versions that might be used to spread malware.
In this context, the Adversa AI team discovered a vulnerability in the permissions system within Claude Code, which acts as a programming assistant via the command line and can modify files and execute system commands. The system relies on rules that prevent the execution of certain commands, such as commands to transfer data over the network.
But the problem arises when executing long command chains, as the detailed security scan is limited to the first 50 commands only. If the string exceeds this limit, fine checks are skipped, and the user is asked to publicly confirm execution.
This can be exploited via a prompt injection attack, by inserting a malicious file into a public project that contains instructions to execute a long series of commands. After exceeding the specified limit, sensitive commands may be executed without blocking rules being applied, theoretically allowing data such as SSH keys or cloud access data to be leaked.
The information indicated that an internal version of the tool included a fix for this problem, before an official modification was later adopted in a later version to address the defect.
Source
