Claude Code version v2.1.212, released July 17, 2026, silently patched a critical vulnerability in its plan mode. Previously, the AI could execute file-modifying Bash commands like `touch` and `rm` without user confirmation or triggering the `canUseTool` callback. This bypass undermined the safety feature of plan mode, which is designed for users to review proposed changes before execution. The fix was quietly included in the release notes, with no separate advisory or security banner. AI
IMPACT This patch addresses a critical security flaw in Claude Code's plan mode, ensuring that file modifications require explicit user approval and preventing silent execution of commands.
RANK_REASON This is a patch to a specific version of a software tool, not a new model release or significant industry event.
Read on dev.to — Claude Code tag →
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →