CVE-2026-33068 — Reliance on Untrusted Inputs in a Security Decision in Claude-code

CWE-807 — Reliance on Untrusted Inputs in a Security Decision12 documents4 sources

Severity

7.7HIGHNVD

EPSS

0.1%

top 70.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anthropics Claude-code Anthropic Claude Code Anthropic-ai Claude-code

Timeline

Latest updateMar 19

PublishedMar 20

Description

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed .claude/settings.json, causing the trust dialog to be silently skipped on first open. This allowed a user to be placed into a permissive mode without seeing th…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDanthropic/claude_code< 2.1.53

▶CVEListV5anthropics/claude-code< 2.1.53

▶npmanthropic-ai/claude-code< 2.1.53

🔴Vulnerability Details

OSV

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File↗2026-03-19

▶

GHSA

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File↗2026-03-19

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25723 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-24053 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-33068 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-25722 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-24052 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶