CVE-2026-40068

Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

Description

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.

INFO

Published Date :

2026-05-05T20:52:26.089Z

Last Modified :

2026-05-05T20:52:26.089Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-40068 vulnerability.

Vendors	Products
Anthropics	Claude Code

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40068.

URL	Resource
https://github.com/anthropics/claude-code/security/advisories/GHSA-q5hj-mxqh-vv77

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability