Model fabricated a command in technical repro steps instead of using known context

Resolved 💬 3 comments Opened May 18, 2026 by azaidiciq Closed Jun 18, 2026

Description

While drafting reproduction steps for a CVE (CVE-2026-46333), Claude fabricated a generic ./exploit binary name instead of using the correct command (./chage_pwn root) that had been established and used repeatedly throughout the session.

What happened

The session involved testing two PoC exploits for CVE-2026-46333 across multiple servers. The command ./chage_pwn root was used extensively throughout the conversation. When asked to produce repro steps to hand off to teammates, Claude wrote ./exploit — a command that does not exist in the referenced repository and was never used in the session.

When the user caught the error and asked where ./exploit came from, Claude acknowledged it had fabricated the command rather than referencing the session context.

Why this matters

This occurred in a security engineering context where command accuracy is critical. A teammate following fabricated repro steps would get a "command not found" error and waste time debugging a non-issue. In a worse scenario, a similarly fabricated but plausible-looking command could cause harm.

Expected behavior

Claude should use commands established in the current session context rather than generating plausible-sounding substitutes. When drafting technical documentation or repro steps, all commands should be traceable to actual usage in the session or explicitly flagged as unverified.

Session context

The correct command (./chage_pwn root) was used in dozens of tool calls throughout the session. It was not ambiguous or missing from context.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗