Critical Vulnerability Found in Claude Code After Source Leak
Basically, a serious flaw was found in Claude Code that could let hackers steal sensitive information.
A critical vulnerability in Claude Code was discovered shortly after its source code leak. This flaw could allow attackers to bypass security measures and steal sensitive credentials, posing a significant risk. Developers must act quickly to protect their systems.
What Happened
Anthropic's Claude Code has made headlines for troubling reasons. Just days after the source code was accidentally leaked, a critical vulnerability was identified by Adversa AI. This sequence of events raises significant security concerns for developers and users alike.
On March 31, 2026, Anthropic mistakenly uploaded a debugging JavaScript sourcemap for Claude Code v2.1.88 to npm. This led to a rapid examination of the code, revealing its operational structure. While the leak exposed 512,000 lines of TypeScript, it did not compromise sensitive data like model weights or customer information. However, it did provide insights into how Claude Code operates, which could be leveraged by malicious actors.
The Flaw
The vulnerability discovered by Adversa AI is alarming. Claude Code is a 519,000+ line TypeScript application that facilitates direct interaction with the AI from the command line. It features a permission system designed to manage commands safely. Unfortunately, this system has a critical flaw: the deny rules can be bypassed.
Adversa explains that the flaw stems from a performance fix made by Anthropic. They capped the analysis of commands at 50 subcommands to prevent UI freezes. However, this cap can be exploited through prompt injection, where an attacker crafts a malicious CLAUDE.md file that generates a pipeline of commands exceeding the limit. This manipulation allows the system to revert to an 'ask' prompt, effectively ignoring the deny rules.
What's at Risk
The implications of this vulnerability are severe. Attackers could potentially exfiltrate sensitive information such as:
- SSH private keys
- AWS credentials
- GitHub tokens
- npm tokens
- Environment secrets
The ability to bypass security measures poses a risk of credential theft at scale, which could lead to supply chain compromises and cloud infrastructure breaches. The vulnerability exists independently of the safety layer implemented in Claude, meaning that even well-crafted prompts could bypass security checks.
Patch Status
As of now, there is no public patch or fix available for this critical vulnerability. Users of Claude Code should remain vigilant and monitor updates from Anthropic regarding this issue.
Immediate Actions
Developers using Claude Code should take the following precautions:
- Limit access to sensitive systems until a fix is released.
- Review code for any potential vulnerabilities related to command execution.
- Educate teams on the risks associated with prompt injection and how to mitigate them.
In conclusion, while the source code leak was concerning, the critical vulnerability poses a much greater risk. Immediate attention is required to safeguard against potential exploitation.