{"data":{"id":"14287b2d-a5f6-4916-898e-c59bc1268305","title":"GHSA-mmgp-wc2j-qcv7: Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File","summary":"Claude Code read settings from a repository-controlled file (`.claude/settings.json`), so someone who created a malicious repository could use that file to bypass the workspace trust dialog (the security prompt that asks for permission before running code). This meant an attacker could trick users into running code without their knowledge or consent. The vulnerability has been patched.","solution":"Users on standard Claude Code auto-update have already received the fix. Users who update manually are advised to update to the latest version; the fix is in 2.1.53, so any installed version below 2.1.53 is still affected.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mmgp-wc2j-qcv7","publishedAt":"2026-03-19T12:42:09.000Z","cveId":"CVE-2026-33068","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":["@anthropic-ai/claude-code@< 2.1.53 (fixed: 2.1.53)"],"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-19T12:42:09.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","safety"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0054"]}}