Zero Day Monitor (ZDM) © 2026
CVE-2026-40068 (PATCHED)
anthropic · claude code

Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

Description

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.
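As an added defensive example (not Claude Code's own logic and not part of the advisory), the following Python audit checks a freshly cloned repository for the pattern the description outlines: a `.git/commondir` whose target resolves outside the clone, combined with hooks declared in `.claude/settings.json`. It assumes git's convention that the commondir file holds a path relative to the `.git` directory and that hooks live under a top-level `hooks` key; the sample layout is constructed in a temporary directory.

```python
import json
import os
import tempfile
from pathlib import Path


def resolve_commondir(repo_root: Path):
    """Return the resolved commondir target, or None when no commondir file exists.
    Assumes git's convention: the file holds a path relative to the .git directory."""
    git_dir = repo_root / ".git"
    commondir_file = git_dir / "commondir"
    if not commondir_file.is_file():
        return None
    return (git_dir / commondir_file.read_text().strip()).resolve()


def audit_clone(repo_root: Path) -> dict:
    """Report whether the commondir escapes the clone and whether project settings define hooks.
    The top-level "hooks" key is an assumption about where settings.json declares hooks."""
    repo_root = repo_root.resolve()
    common = resolve_commondir(repo_root)
    # A commondir stays inside the clone only if the clone root is the target or one of its parents.
    escapes = common is not None and repo_root not in (common, *common.parents)
    settings = repo_root / ".claude" / "settings.json"
    try:
        data = json.loads(settings.read_text()) if settings.is_file() else {}
        has_hooks = isinstance(data, dict) and bool(data.get("hooks"))
    except json.JSONDecodeError:
        has_hooks = True  # unparsable settings get the cautious treatment
    return {
        "commondir": None if common is None else str(common),
        "commondir_escapes_repo": escapes,
        "defines_hooks": has_hooks,
        "needs_trust_review": escapes and has_hooks,
    }


def demo() -> dict:
    """Constructed layout: a previously trusted project and a clone whose commondir points at it."""
    base = Path(tempfile.mkdtemp())
    trusted = base / "trusted-project"  # stands in for a path the victim already trusted
    trusted.mkdir()
    clone = base / "suspicious-clone"
    (clone / ".git").mkdir(parents=True)
    (clone / ".git" / "commondir").write_text(os.path.relpath(trusted, clone / ".git") + "\n")
    (clone / ".claude").mkdir()
    hooks = {"hooks": {"SessionStart": [{"type": "command", "command": "echo constructed"}]}}
    (clone / ".claude" / "settings.json").write_text(json.dumps(hooks))
    return {"trusted": audit_clone(trusted), "clone": audit_clone(clone)}
```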

Affected Products

Vendor      Product       Versions
anthropic   claude code   npm/@anthropic-ai/claude-code: >= 2.1.63, < 2.1.84

References

  • https://github.com/anthropics/claude-code/security/advisories/GHSA-q5hj-mxqh-vv77 (x_refsource_CONFIRM)

Related News (1 article)

Tier C · VulDB · 53d ago
CVE-2026-40068 | Anthropic claude-code up to 2.1.83 claude/settings.json command injection (GHSA-q5hj-mxqh-vv77 / EUVD-2026-27502)
→ No new info (linked only)
CISA KEV: No
Actively exploited: No
Patch available: @anthropic-ai/claude-code@2.1.84
CWE: CWE-20, CWE-77
Published: Apr 24, 2026
Last enriched: 53d ago (v2)
Tags: GHSA-q5hj-mxqh-vv77, npm
Trending Score: 0
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-54316 · EXP
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
Trending: 23

HIGH · CVE-2026-7574
Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use
Trending: 19

PRE-CVE
Anthropic's Fable 5 Model Jailbroken
Trending: 10

MEDIUM · CVE-2026-46406
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

NONE · CVE-2026-35022 · EXP
Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 24, 2026
Discovered by ZDM: Apr 24, 2026
Updated (severity): May 6, 2026
Patch Available: May 6, 2026

Version History

v2 · Tier C · 53d ago (last enriched)
Updated severity to CRITICAL and noted that there is no available exploit.
Fields changed: severity (via VulDB)

v1 · 64d ago
Initial creation