Anthropic has quietly patched a sandbox bypass vulnerability in Claude Code that could have allowed attackers to exfiltrate sensitive data like credentials and tokens. Security researcher Aonan Guan discovered the flaw, which involved a SOCKS five hostname null-byte injection that tricked the network filter into approving connections to unauthorized hosts. While Anthropic says they fixed the issue before Guan's formal report, the researcher criticizes the company for not assigning a CVE identifier or properly notifying users who may have been running the vulnerable version in production for months.