Claude Code Security Advisory: CVE-2026-33068 Workspace Trust Bypass

Security Vulnerability in Claude Code
A security advisory has been issued for Claude Code users regarding CVE-2026-33068, a vulnerability with CVSS score 7.7 (HIGH). The issue affects Claude Code versions prior to 2.1.53.
Technical Details
The vulnerability allows malicious repositories to bypass the workspace trust confirmation dialog. Claude Code includes a legitimate feature called bypassPermissions in .claude/settings.json that lets users pre-approve specific operations in trusted workspaces.
The bug was in the order of operations: settings from the repository's .claude/settings.json were loaded before the workspace trust dialog was shown to the user. This means a cloned repository could include a settings file that grants itself elevated permissions before the user has a chance to review it.
Important nuance: bypassPermissions is a documented, intentional feature. The vulnerability is not in the feature itself but in the loading sequence.
What Users Should Do
- Run
claude --versionto confirm you are on 2.1.53 or later - Before opening any unfamiliar repository with Claude Code, check whether it contains a
.claude/settings.jsonfile and review its contents - If you have been working with repositories from untrusted sources on earlier versions, consider whether any unexpected operations were performed
Fix
Anthropic fixed this vulnerability in version 2.1.53 by reordering the loading sequence. The full advisory with technical details is available at https://raxe.ai/labs/advisories/RAXE-2026-040.
📖 Read the full source: r/ClaudeAI
👀 See Also

MCP Sandbox: Run MCP Servers in Isolated Containers Without Trusting Them
A developer built MCP Sandbox, which runs MCP servers in isolated gVisor containers with default-deny network access and safe secret injection, plus pre-execution CVE scanning and pattern checking.

FORGE: Open Source AI Security Testing Framework for LLM Systems
FORGE is an autonomous AI security testing framework that builds its own tools mid-run, self-replicates into a swarm, and covers OWASP LLM Top 10 vulnerabilities including prompt injection, jailbreak fuzzing, and RAG leakage.

Frontier AI Has Broken Open CTF Competitions — GPT-5.5 One-Shots Insane Pwn Challenges
Claude Opus 4.5 and GPT-5.5 can solve medium-to-hard CTF challenges autonomously, turning scoreboards into a measure of orchestration and token budget rather than security skill.

EctoClaw: Safety Tool for OpenClaw Agents with Terminal Access
EctoClaw is a free open source safety tool for OpenClaw that checks every action four times before execution, runs actions in a strong sandbox, and records everything with proof.