Claude Code deny-rule bypass fix (version 2.1.90)
Security Patch Release
Summary
Hide ▲
Show ▼
Anthropic released Claude Code version 2.1.90 last week to fix a command-parsing flaw that could let user-configured deny rules silently stop applying when a command exceeded 50 subcommands. The issue mattered because a blocked command such as rm could run without restriction once it was preceded by enough harmless statements. The update formally closed the bypass in the AI coding agent that executes shell commands on developers' machines.
Related Happenings
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical Analysis
H score22
First: 08.07.2026 14:21
Last: 08.07.2026 14:21
Sources 1
About this happening:
Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical AnalysisAbout this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
GuardFall shell-trick bypass of command safety checks in AI coding agents
Technical Analysis
H score25
First: 30.06.2026 17:26
Last: 30.06.2026 17:26
Sources 1
About this happening:
**GuardFall** exposed a shell-trick bypass that lets dangerous commands slip past safety checks in **open-source AI coding and computer-use agents**, putting **full account access...
GuardFall shell-trick bypass of command safety checks in AI coding agents
Technical AnalysisAbout this happening: **GuardFall** exposed a shell-trick bypass that lets dangerous commands slip past safety checks in **open-source AI coding and computer-use agents**, putting **full account access...
Anthropic Claude Code GitHub Action bypass fix (v1.0.94)
Security Patch Release
H score43
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...
Anthropic Claude Code GitHub Action bypass fix (v1.0.94)
Security Patch ReleaseAbout this happening: Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
PromptMink malicious npm dependency stealing secrets and crypto wallets
Malware Activity
H score35
First: 29.04.2026 17:00
Last: 29.04.2026 17:00
Sources 1
About this happening:
The **PromptMink** malicious npm dependency now poses an immediate theft risk because it is stealing sensitive data and exposing **crypto wallets** from infected environments. The...
PromptMink malicious npm dependency stealing secrets and crypto wallets
Malware ActivityAbout this happening: The **PromptMink** malicious npm dependency now poses an immediate theft risk because it is stealing sensitive data and exposing **crypto wallets** from infected environments. The...
Timeline
-
08.04.2026 12:16 2 articles · 3mo ago
Claude Code 2.1.90 fixes deny-rule bypass for long commands
Mitigation Patch UpdateAnthropic addressed a command-parsing flaw in Claude Code version 2.1.90 that could silently ignore user-configured security deny rules when a command contained more than 50 subcommands, allowing blocked commands such as rm to run without restriction.
Show sources
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems — thehackernews.com — 08.04.2026 12:16
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems — thehackernews.com — 08.04.2026 12:16