HIGHCVE-2026-40068Published 2026-05-05Modified 2026-05-06CNA GitHub_M

CVE-2026-40068: Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.

CVSS v4.0: 7.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

anthropics / claude-code
>= 2.1.63, < 2.1.84

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-q5hj-mxqh-vv77

Metrics