Claude Code Audit: Confirmed RCE via Environment Variable Injection

A security audit of the "Claude Code" project identified a remote code execution (RCE) vulnerability caused by environment variable injection. The flaw was confirmed through testing and affects the application's handling of user-controlled environment variables. The audit report is linked in the post.