CVE-2026-40068 | THREATINT

Description

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.

PUBLISHED Reserved 2026-04-09 | Published 2026-05-05 | Updated 2026-05-06 | Assigner GitHub_M

HIGH: 7.7CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20: Improper Input Validation

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

>= 2.1.63, < 2.1.84

affected

References

github.com/...e-code/security/advisories/GHSA-q5hj-mxqh-vv77

cve.org (CVE-2026-40068)

nvd.nist.gov (CVE-2026-40068)

Download JSON