anthropics
[Bug] Bash tool bypasses allowlist restrictions and executes unapproved commands
Bug Description Summary: Bash commands not in the user's allowed list are executing without approval/blocking.
Environment: Claude Code CLI
Steps to Reproduce:
- User configured settings.json with specific allowed Bash patterns including Bash(ls:), Bash(find:) but NOT Bash(head:) or Bash(grep:)
- Claude invoked Bash tool with command: head -5 "$MAPPING_FILE_PATH" 2>/dev/null || echo "..."
- Command executed instead of being blocked or requiring approval
Expected Behavior: Command should be blocked or require user approval since head is not in the allowed list.
Actual Behavior: Command executed without approval.
Additional Context: The allowed tools list explicitly included specific Bash command patterns, implying others should be denied. User should not need to explicitly deny () to enforce the allowlist.
Environment Info
- Platform: linux
- Terminal: xterm-256color
- Version: 2.0.60
- Feedback ID: d5ccbffa-66e0-4292-ac8d-4005f47924af
Errors
[]
Found 3 possible duplicate issues:
- https://github.com/anthropics/claude-code/issues/13340
- https://github.com/anthropics/claude-code/issues/13371
- https://github.com/anthropics/claude-code/issues/6527
This issue will be automatically closed as a duplicate in 3 days.
- If your issue is a duplicate, please close it and 👍 the existing issue instead
- To prevent auto-closure, add a comment or 👎 this comment
🤖 Generated with Claude Code
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@CyberneticNomad-v808 That's an interesting one, can you consistently reproduce it? Claude Code generally errs on the side of caution and would block piped commands even if all its parts are allowed in the allow-list. See #13340, but the other way around is really surprising.
