Claude Code Finding 4: Remote Control Session Hijacking via Missing Per-Session Authentication
The Claude Code remote-control session events endpoint lacks per-session authentication, enabling invisible remote command execution from any machine on the internet.