Vulnerability DatabaseCVE-2026-40068
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-40068
Published:May 05, 2026
Updated:May 16, 2026
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in ".claude/settings.json". Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.
Affected Packages
@anthropic-ai/claude-code (NPM):
Affected version(s) >=2.1.63 <2.1.84
Fix Suggestion:
Update to version 2.1.84
Related Resources (3)
https://github.com/anthropics/claude-code/security/advisories/GHSA-q5hj-mxqh-vv77
https://github.com/anthropics/claude-code
https://nvd.nist.gov/vuln/detail/CVE-2026-40068
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Input Validation
CWE-20
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
EPSS
Base Score:
0.17