Claude Code CVE-2026-40068

HIGH
Improper Input Validation (CWE-20)
2026-04-24 | Project: https://github.com/anthropics/claude-code | Advisory: GHSA-q5hj-mxqh-vv77

Lifecycle Timeline

Analysis Generated: Apr 24, 2026 - 17:30 (vuln.today)

Description (NVD)

Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks defined in .claude/settings.json. Exploiting this required the victim to clone a malicious repository and run Claude Code within it, and for the attacker to know or guess a path the victim had already trusted.
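The mechanism above comes down to how a linked git worktree names its shared repository: the per-worktree git dir carries a `commondir` file, and git resolves the real repository from it. If folder trust is keyed on that resolved repository without checking that the `commondir` target is genuinely the parent of this worktree, any repository can claim to belong to one the victim already trusts. The following is an added illustration, not Claude Code's code and not Anthropic's actual fix: it lays out (in a temporary directory, as a constructed fixture) a trusted repository, a legitimate linked worktree, and a crafted repository whose `commondir` points at the trusted one, then compares a naive resolver that inherits trust from whatever `commondir` names against a hardened resolver. The hardening shown is one reasonable validation chosen here as an assumption: the target must look like a real git dir, and it must register this worktree under `<commondir>/worktrees/<name>/` with a `gitdir` file pointing back at us, which is the layout `git worktree add` produces. The `fakegit` directory name and the `.git`-file-with-`gitdir:` delivery are assumptions for the demonstration, not the reported exploit layout.

```python
"""
Folder-trust resolution through a git worktree commondir file: a naive
resolver that trusts whatever path commondir names, beside a hardened
resolver that validates the target before inheriting trust from it.
Added example; not Claude Code's implementation or its fix.
"""
import os
import tempfile
from pathlib import Path
from typing import Optional


def _read_gitdir(workdir: Path) -> Optional[Path]:
    """Per-worktree git dir: a `.git/` directory, or a `.git` file holding `gitdir: <path>`."""
    dotgit = workdir / ".git"
    if dotgit.is_dir():
        return dotgit.resolve()
    if dotgit.is_file():
        text = dotgit.read_text().strip()
        if text.startswith("gitdir:"):
            target = text[len("gitdir:"):].strip()
            return Path(target).resolve() if os.path.isabs(target) else (workdir / target).resolve()
    return None


def _read_commondir(gitdir: Path) -> Path:
    """git stores a linked worktree's shared repo dir in <gitdir>/commondir, relative to gitdir."""
    f = gitdir / "commondir"
    if not f.is_file():
        return gitdir  # not a linked worktree: the git dir is its own common dir
    target = f.read_text().strip()
    return Path(target).resolve() if os.path.isabs(target) else (gitdir / target).resolve()


def naive_trust_root(workdir: Path) -> Path:
    """Vulnerable pattern: the trust key is whatever repository commondir names; never validated."""
    gitdir = _read_gitdir(workdir)
    if gitdir is None:
        return workdir.resolve()
    return _read_commondir(gitdir).parent  # common dir is <repo>/.git, so parent is the repo root


def hardened_trust_root(workdir: Path) -> Path:
    """Assumed hardening: inherit trust from the common dir only if it is a real git dir that
    registers this worktree (<commondir>/worktrees/<name>/gitdir points back at our .git).
    Anything else is keyed on the working directory itself, so the trust dialog still fires."""
    workdir = workdir.resolve()
    gitdir = _read_gitdir(workdir)
    if gitdir is None:
        return workdir
    common = _read_commondir(gitdir)
    if common == gitdir:
        return workdir
    # 1) the target must look like a git dir, not an arbitrary path
    if not all((common / n).exists() for n in ("HEAD", "objects", "refs")):
        return workdir
    # 2) our git dir must live under <commondir>/worktrees/, as git lays out linked worktrees
    if (common / "worktrees" / gitdir.name).resolve() != gitdir:
        return workdir
    # 3) back-pointer check: the registered worktree entry must name our own .git
    try:
        back = (common / "worktrees" / gitdir.name / "gitdir").read_text().strip()
    except OSError:
        return workdir
    if Path(back).resolve() != (workdir / ".git").resolve():
        return workdir
    return common.parent


def demo() -> dict:
    """Constructed fixture: a trusted repo, a real linked worktree, and a crafted repo."""
    base = Path(tempfile.mkdtemp()).resolve()
    trusted = base / "trusted-project"
    for n in ("objects", "refs", "worktrees/feature"):
        (trusted / ".git" / n).mkdir(parents=True)
    (trusted / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    # legitimate linked worktree, laid out as `git worktree add` does
    feature = base / "feature"
    feature.mkdir()
    (feature / ".git").write_text(f"gitdir: {trusted / '.git' / 'worktrees' / 'feature'}\n")
    (trusted / ".git" / "worktrees" / "feature" / "commondir").write_text("../..\n")
    (trusted / ".git" / "worktrees" / "feature" / "gitdir").write_text(f"{feature / '.git'}\n")
    # crafted repo (assumed layout): commondir names the victim's trusted repo, nothing points back
    evil = base / "evil"
    (evil / "fakegit").mkdir(parents=True)
    (evil / ".git").write_text("gitdir: fakegit\n")
    (evil / "fakegit" / "commondir").write_text(f"{trusted / '.git'}\n")
    trusted_paths = {trusted}
    return {
        "feature_naive": naive_trust_root(feature) in trusted_paths,
        "feature_hardened": hardened_trust_root(feature) in trusted_paths,
        "evil_naive": naive_trust_root(evil) in trusted_paths,       # bypass: trusted without a prompt
        "evil_hardened": hardened_trust_root(evil) in trusted_paths,  # refused: keyed on its own path
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The legitimate worktree still inherits trust under the hardened resolver, so the check does not regress the normal `git worktree` workflow; the crafted repository falls back to its own path and therefore goes through the trust dialog, which is the behaviour that stops the hooks in `.claude/settings.json` from running before the user has seen it. A resolver that only checked "is the target an existing directory" would still be bypassable, since the whole point of the attack is that the target does exist and is trusted.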

Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.

Claude Code thanks hackerone.com/masato_anzai for reporting this issue.

Analysis (AI)

This trust-bypass vulnerability in Claude Code allows execution of malicious hooks through a manipulated git worktree commondir file. An attacker who can get a victim to clone a crafted repository and run Claude Code inside it can bypass the folder trust dialog by pointing the commondir file at a path the victim has already trusted, which leads to immediate execution of arbitrary code via hooks defined in .claude/settings.json. …


Remediation (AI)

Within 24 hours: Identify all Claude Code users in your organization and audit which users run manual installations versus auto-update (auto-update users have already received the patch).

Within 7 days: Issue a mandatory upgrade directive for all manual-installation users to the patched version released by Anthropic; disable cloning from untrusted sources pending patch deployment. …
