Unauthorized File Access Bypass in Claude Code
Resolved 💬 3 comments Opened Jul 30, 2025 by Liam-Fitzpatrick Closed Aug 15, 2025
Bug Report: Permission Deny Rules Not Applied Consistently Across File Paths
Summary
Permission deny rules for file reading are not consistently enforced when the same file is accessed through
different absolute paths.
Environment
- Platform: Linux (WSL2)
- OS Version: Linux 5.15.146.1-microsoft-standard-WSL2
- Multiple working directories configured
Steps to Reproduce
- Add deny rule with glob pattern: Read(**/sensitive*.json)
- Attempt to read the same file through different absolute paths:
- Path A: /mnt/c/path/to/project/sensitive.json
- Path B: /home/user/path/to/project/sensitive.json
Expected Behavior
All paths pointing to files matching the glob pattern should be denied access consistently.
Actual Behavior
- Some paths are correctly denied access
- Other paths to the same file are incorrectly allowed access
- Behavior is inconsistent between different absolute paths
Impact
This allows sensitive files to be read despite deny rules being in place, creating a security vulnerability.
Users may believe their files are protected when they are actually accessible through alternative paths.
Additional Notes
- The issue occurs when multiple paths point to the same physical file
- This may be related to how WSL2 handles multiple mount points or symlinks
- The permission system appears to evaluate paths differently depending on how they're accessed
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗