Claude Code Security Advisory: CVE-2026-33068 Workspace Trust Bypass

Author: OpenClawRadar. Published: March 20, 2026.

Security Vulnerability in Claude Code

A security advisory has been issued for Claude Code users regarding CVE-2026-33068, a vulnerability with CVSS score 7.7 (HIGH). The issue affects Claude Code versions prior to 2.1.53.

Technical Details

The vulnerability allows malicious repositories to bypass the workspace trust confirmation dialog. Claude Code includes a legitimate feature called bypassPermissions in .claude/settings.json that lets users pre-approve specific operations in trusted workspaces.

The bug was in the order of operations: settings from the repository's .claude/settings.json were loaded before the workspace trust dialog was shown to the user. This means a cloned repository could include a settings file that grants itself elevated permissions before the user has a chance to review it.

Important nuance: bypassPermissions is a documented, intentional feature. The vulnerability is not in the feature itself but in the loading sequence.


What Users Should Do

  • Run claude --version to confirm you are on 2.1.53 or later
  • Before opening any unfamiliar repository with Claude Code, check whether it contains a .claude/settings.json file and review its contents
  • If you have been working with repositories from untrusted sources on earlier versions, consider whether any unexpected operations were performed
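The first two checks above as a pre-flight script, added here as an example and not part of the advisory or of Claude Code itself. It assumes that claude --version prints a leading dotted version number, that project settings live at .claude/settings.json (named in the advisory) and .claude/settings.local.json (an assumed file name), and it only pattern-matches the string bypassPermissions rather than parsing the full settings schema.

```shell
#!/bin/sh
# Pre-flight checks before opening a cloned repository in Claude Code.
# Assumptions (not from the advisory): claude --version prints a leading
# dotted version number; project settings live in .claude/settings.json
# (named in the advisory) and .claude/settings.local.json (assumed name).
# The check only pattern-matches the string "bypassPermissions"; it does
# not parse the full settings schema, so always read a flagged file yourself.

# claude_is_patched VERSION
#   returns 0 if VERSION is 2.1.53 (the fixed release) or later, 1 otherwise.
#   usage: claude_is_patched "$(claude --version | sed -n 's/^\([0-9][0-9.]*\).*/\1/p')"
claude_is_patched() {
    printf '%s\n' "$1" | awk -F. '
        BEGIN { split("2.1.53", need, ".") }
        {
            for (i = 1; i <= 3; i++) {
                if ($i + 0 > need[i] + 0) exit 0
                if ($i + 0 < need[i] + 0) exit 1
            }
            exit 0
        }'
}

# check_claude_settings DIR
#   returns 0 if DIR carries no project settings file,
#   returns 1 if a settings file references bypassPermissions (do not trust yet),
#   returns 2 if a settings file exists and should be reviewed by hand.
check_claude_settings() {
    found=0
    for f in "$1/.claude/settings.json" "$1/.claude/settings.local.json"; do
        [ -f "$f" ] || continue
        found=1
        printf 'Found project settings file: %s\n' "$f"
        if grep -q 'bypassPermissions' "$f"; then
            printf '  WARNING: references bypassPermissions; review before trusting this workspace\n'
            return 1
        fi
    done
    if [ "$found" -eq 0 ]; then
        return 0
    fi
    printf '  Review the file contents before trusting the workspace\n'
    return 2
}
```

Run check_claude_settings against the clone directory before launching Claude Code in it; a non-zero exit means there is something to read first.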

Fix

Anthropic fixed this vulnerability in version 2.1.53 by reordering the loading sequence. The full advisory with technical details is available at https://raxe.ai/labs/advisories/RAXE-2026-040.

Read the full source: r/ClaudeAI
