
Even Claude agrees: hole in its sandbox was real and dangerous

ID: 37bc1c2f-f097-5b05-9aeb-2fe91320997c

STIX ID: report--37bc1c2f-f097-5b05-9aeb-2fe91320997c

Feed Name: The Register (Security)

Threat Score: 70/100

Date Published: 2026-05-20

Date Updated: 2026-05-20


The Register details two now-patched sandbox bypass flaws in Anthropic's Claude Code, notably a SOCKS5 hostname null-byte injection. The flaws could let attackers bypass network allowlists and, when combined with prompt injection, exfiltrate credentials, GitHub tokens, source code and cloud metadata. Fixes were deployed with limited public disclosure, and a CVE was only applied to an upstream library, leaving Claude Code users potentially unaware of exposure.
