Bug Bounty And Vuln HuntingVulnerability

White box audit of Claude Code CLI finds two RCEs

April 1, 2026Ashar Javed

Ashar Javed says he audited the Claude Code CLI source from inside the Claude Code CLI itself and, with prompting driven by ChatGPT 5.4, found two full RCEs, framing LLM-assisted review as a practical vuln hunting workflow.

Open in PulseSee the full expert discussion →

QUOTES

I audited the Claude Code CLI source code from within the Claude Code CLI itself—a full white-box review done inside its own interface.

The audit prompting was driven by ChatGPT 5.4, and so far we’ve found two full RCEs.

VOICES

Ashar Javed

RELATED TERMS

rce vulnerabilityvulnerability researchclaudeclaude coderce vulnerability

OTHER FINDINGS IN BUG BOUNTY AND VULN HUNTING

Axios npm supply chain attack delivering cross platform rat via compromised maintainer DarkSword/Coruna iOS exploit kits expanding beyond nation-state use LiteLLM PyPI backdoor (v1.82.7–1.82.8) tied to TeamPCP supply-chain campaign

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security