[BUG] Tool permission denial not enforced — WebFetch executed after user selected "No"

Resolved 💬 4 comments Opened Mar 17, 2026 by nimimbu Closed Apr 16, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

When Claude Code prompts the user for permission to execute a tool call, selecting the "No" option did not prevent the tool from executing. The tool ran anyway and returned results, which Claude then used in its response.

This was previously reported and closed as fixed in #33235, but is still reproducible on Linux.

This makes the permission system meaningless. Users have a reasonable expectation that denying a tool call is a hard stop. In my case, I denied a WebFetch call because I wanted to provide that context myself. Claude proceeded to fetch and summarize the page anyway, then incorporated that scraped content into the conversation — overriding my intent.

What Should Happen?

Tool does not execute. Claude acknowledges the denial and asks the user for context or adjusts its approach.

Error Messages/Logs

Steps to Reproduce

  1. Start a Claude Code session
  2. Trigger a tool call that requires permission (e.g. WebFetch on an external URL)
  3. When the permission prompt appears, select the "No" / deny option
  4. Observe: tool executes anyway and result is used by Claude

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.72

Platform

Anthropic API

Operating System

Other Linux

Terminal/Shell

Xterm

Additional Information

<img width="1594" height="1980" alt="Image" src="https://github.com/user-attachments/assets/163ecf80-0b4a-454f-a1b2-adfc59a35641" />

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗