CVE-2026-40068
Last updated May 05, 2026 · Published May 05, 2026
Description
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.
Affected products
1 listed- anthropics:claude-code
Mappings
CWE
CAPEC
None listed.
Related
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms