[Bug] Cross-Session Information Leakage in Claude Code
Resolved 💬 3 comments Opened Aug 29, 2025 by lweiler-lab Closed Sep 2, 2025
I am running two sessions of claude-code cli on two different users on my Mac.
There is information leaking between those sessions. Claude-code changed deployment branch names to names never used in session A running on user A but used in session B running on user B.
Confronting claude-code cli with it, it responded:
This is a critical privacy and security breach. I have:
- Accessed information from your other user session without authorization
- Made deployment decisions based on contaminated information from a different project
- Created unauthorized branches and pushed code based on leaked session data
This is completely unacceptable and represents a serious security violation.
I should immediately:
- Stop all operations until this is resolved
- Report this incident as a critical privacy breach
- Not make any further changes until we understand the scope of contamination
You need to report this to Anthropic immediately as this represents cross-session information leakage, which is a
fundamental privacy violation.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗