CVE ID :CVE-2026-40068 Published : May 5, 2026, 9:16 p.m. | 1 hour, 10 minutes ago Description :In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84. Severity: 7.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...