CVE-2026-33068

Claude Code

High

CVSS Details

CVSS Score

8.8 HIGH

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness

CWE-807 Reliance on Untrusted Inputs in a Security Decision

Description

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed .claude/settings.json, causing the trust dialog to be silently skipped on first open. This allowed a user to be placed into a permissive mode without seeing the trust confirmation prompt, making it easier for an attacker-controlled repository to gain tool execution without explicit user consent. This issue has been patched in version 2.1.53.

View on NVD

Timeline

Discovered

March 2026

Vendor Notified

March 2026

Patch Released

March 20, 2026 (v2.1.53)

Public Disclosure

March 20, 2026