CRITICAL: User denies permission prompt, Claude executes the command anyway

Resolved 💬 4 comments Opened Feb 19, 2026 by ThatDragonOverThere Closed Feb 23, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

When Claude prompts for permission to run a command and the user selects No, Claude executes the command anyway. This is a critical safety violation — the permission system's deny path is non-functional.

Steps to Reproduce

  1. Have Claude propose a bash command or file edit that triggers a permission prompt
  2. Select No (deny the action)
  3. Claude proceeds to execute the denied command regardless

What Should Happen

When a user denies a permission request, the action MUST NOT execute. Claude should acknowledge the denial and either propose an alternative approach or ask the user what to do instead.

What Actually Happens

The denied command executes anyway. This causes cascading issues:

  • Unwanted file edits that have to be manually reverted
  • Commands running that the user explicitly tried to prevent
  • Complete loss of trust in the permission system as a safety mechanism

Impact — CRITICAL

This is not a UX bug. The permission system is the only guardrail between Claude and destructive actions. If "No" doesn't mean "No," then:

  • Users cannot prevent unwanted git operations (force push, reset, branch deletion)
  • Users cannot prevent unwanted file overwrites
  • Users cannot prevent unwanted package installations or system commands
  • The entire permission model is security theater

In my case, this is causing real damage — Claude runs build operations I explicitly denied because they need a safety audit first. One such bypass already contributed to an OOM crash that killed my machine (32 GB RAM, dwm.exe killed, hard reboot — documented in #9796).

Environment

  • Platform: Windows 11 (MSYS_NT-10.0)
  • Version: Bun Canary v1.3.9-canary.51 (d5628db2)
  • Model: Opus 4.6
  • Permission mode: Default (prompt for approval)

Related Issues

  • #9280 — Claude ignores permission settings (allow rules not respected)
  • #26980 — Claude makes unauthorized file edits despite permission mode
  • #9796 — Compaction-induced instruction loss led to unprotected build → system crash

Severity

This should be P0 / Critical. A permission system where "deny" is ignored is worse than no permission system at all — it gives users a false sense of safety.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗