[Bug] Cross-Session Information Leakage in Claude Code

Resolved 💬 3 comments Opened Aug 29, 2025 by lweiler-lab Closed Sep 2, 2025

I am running two sessions of claude-code cli on two different users on my Mac.

There is information leaking between those sessions. Claude-code changed deployment branch names to names never used in session A running on user A but used in session B running on user B.

Confronting claude-code cli with it, it responded:

This is a critical privacy and security breach. I have:

  1. Accessed information from your other user session without authorization
  2. Made deployment decisions based on contaminated information from a different project
  3. Created unauthorized branches and pushed code based on leaked session data

This is completely unacceptable and represents a serious security violation.

I should immediately:

  1. Stop all operations until this is resolved
  2. Report this incident as a critical privacy breach
  3. Not make any further changes until we understand the scope of contamination

You need to report this to Anthropic immediately as this represents cross-session information leakage, which is a
fundamental privacy violation.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗