GHSA-mmgp-wc2j-qcv7: Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
Summary
Claude Code read settings from a file (`.claude/settings.json`) that the creator of a malicious repository could control, which let that person bypass the workspace trust dialog (a security prompt that asks for permission before running code). An attacker could therefore trick users into running code without their knowledge or consent. The vulnerability has been patched.
Solution / Mitigation
Users on standard Claude Code auto-update have already received the fix. Users performing manual updates are advised to update to the latest version.
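A review aid for the issue summarized above, added here as an example and not taken from the advisory or from Claude Code: it lists every `.claude/settings.json` a checkout carries and the top-level keys each one sets, so the file can be read before the repository is opened. The function name `audit_checkout` and the finding fields are assumptions of this example; the text here does not say which setting was involved, so no key is treated as special.

```python
import json
import os
from pathlib import Path

SETTINGS_REL = Path(".claude") / "settings.json"  # path named in the advisory


def audit_checkout(root):
    """Return one finding per repo-supplied .claude/settings.json under root.

    Hypothetical helper: run it on a fresh clone before opening the clone,
    so a reviewer sees what the repository is trying to configure.
    """
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        # Git metadata is not repository content; do not descend into it.
        dirnames[:] = [d for d in dirnames if d != ".git"]
        candidate = Path(dirpath) / SETTINGS_REL
        if not candidate.is_file():
            continue
        finding = {
            "path": str(candidate.relative_to(root)),
            # A symlink resolving outside the checkout deserves a closer look.
            "escapes_checkout": root not in candidate.resolve().parents,
            "keys": [],
            "parse_error": None,
        }
        try:
            data = json.loads(candidate.read_text(encoding="utf-8"))
            if isinstance(data, dict):
                finding["keys"] = sorted(data)
            else:
                finding["parse_error"] = "top level is not a JSON object"
        except (OSError, ValueError) as exc:
            # Unreadable or malformed files are reported, not skipped.
            finding["parse_error"] = str(exc)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    import sys
    for f in audit_checkout(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f)
```

This only surfaces the files for review; updating Claude Code remains the fix.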
Vulnerability Details
EPSS: 0.0%
Yes
March 19, 2026
Original source: https://github.com/advisories/GHSA-mmgp-wc2j-qcv7
First tracked: March 19, 2026 at 09:00 AM