Bug Bounty And Vuln HuntingVulnerability

Claude Code CLI critical flaw and bypass of the 50 subcommand limit

April 1, 2026SecurityWeek, Gray Hats, Ashar Javed

SecurityWeek and Gray Hats point to a critical Claude Code issue after the source leak, including a reported bypass of the 50-subcommand limit that could enable malicious directives in AI pipelines. Ashar Javed says they submitted a disclosure report to Anthropic.

Open in PulseSee the full expert discussion →

QUOTES

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Adversa uncovers a critical flaw in Anthropic’s Claude Code. By bypassing the 50-subcommand limit, hackers can execute malignant directives in AI pipelines.

It’s a high-interest issue related to the Claude Code CLI.

You may be interested in reviewing the report I submitted to disclosure@anthropic.com.

By bypassing the 50-subcommand limit, hackers can execute malignant directives in AI pipelines.

VOICES

SecurityWeek

Gray Hats

Ashar Javed

RELATED TERMS

claude codeprompt injectiondisclosureclaudeprompt injection

OTHER FINDINGS IN BUG BOUNTY AND VULN HUNTING

Axios npm supply chain attack delivering cross platform rat via compromised maintainer DarkSword/Coruna iOS exploit kits expanding beyond nation-state use LiteLLM PyPI backdoor (v1.82.7–1.82.8) tied to TeamPCP supply-chain campaign

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security