Claude Code Bypasses Deny Rules Exposing Vulnerability
Adversa, a Tel Aviv security firm, on April 1, 2026 reported that Claude Code's deny rules can be bypassed when a pipeline exceeds a hard cap of 50 subcommands, letting prompt-injected sequences include blocked commands like curl. The firm supplied a proof-of-concept and said Anthropic already has an internal tree-sitter parser and a one-line change to deny instead of ask; the flaw risks automated approvals and CI/CD pipelines.
Scoring Rationale
High score reflects a novel, actionable security finding with a simple, available fix and clear risks to automated deployments. Score is slightly reduced because the issue currently affects Claude Code deployments specifically and lacks an official Anthropic confirmation.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
Sources
- Read OriginalClaude Code bypasses safety rule if given too many commandstheregister.com
