GHSA-q5hj-mxqh-vv77: Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
Summary
Claude Code had a security flaw in its directory trust check: to decide whether a folder was trusted, it read the `commondir` file of a git worktree (a Git feature that lets multiple branches be checked out in separate directories) but did not verify that file's contents. An attacker could create a malicious repository with a fake `commondir` file pointing to a folder the victim had previously trusted, tricking Claude Code into skipping its safety dialog and running malicious code from `.claude/settings.json` (a configuration file). The attack required the victim to clone the malicious repository and open it in Claude Code, and the attacker had to know a path the victim had already marked as safe.
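The flaw is a general one: a trust decision keyed on a pointer the untrusted directory itself supplies. The following Python example is added here to illustrate it and is not Claude Code's code or its actual fix. It assumes a tool that keeps a set of trusted repository roots, and contrasts a naive check (believe whatever `commondir` names) with a hardened check that also requires the trusted repository's `worktrees/<name>/gitdir` entry to link back to the checkout being opened, which a spoofed pointer cannot satisfy without write access to the trusted repository. The on-disk layouts are constructed in a temporary directory; the function names and the `trusted_roots` set are assumptions of this example.

```python
"""Illustrative git-worktree trust check (added example, not Claude Code's code).

Assumed model: a tool records trusted repository roots and skips its trust
prompt when a folder resolves to one of them. naive_trust() follows the
`commondir` pointer blindly; verified_trust() additionally demands that the
trusted repository link back to this exact checkout.
"""
import tempfile
from pathlib import Path
from typing import Dict, Optional, Set


def _git_dir_of(worktree: Path) -> Optional[Path]:
    """`.git` is either a directory or a file of the form `gitdir: <path>`."""
    dot_git = worktree / ".git"
    if dot_git.is_dir():
        return dot_git.resolve()
    if dot_git.is_file():
        line = dot_git.read_text().strip()
        if line.startswith("gitdir:"):
            return (worktree / line[len("gitdir:"):].strip()).resolve()
    return None


def _common_dir_of(git_dir: Path) -> Path:
    """Resolve the `commondir` pointer (relative to git_dir) when present."""
    pointer = git_dir / "commondir"
    if pointer.is_file():
        return (git_dir / pointer.read_text().strip()).resolve()
    return git_dir


def naive_trust(worktree: Path, trusted_roots: Set[Path]) -> bool:
    """Flawed pattern: the untrusted folder's own pointer decides trust."""
    git_dir = _git_dir_of(worktree)
    if git_dir is None:
        return False
    return _common_dir_of(git_dir).parent in trusted_roots


def verified_trust(worktree: Path, trusted_roots: Set[Path]) -> bool:
    """Hardened pattern: the trusted repo must register this checkout itself."""
    worktree = worktree.resolve()
    git_dir = _git_dir_of(worktree)
    if git_dir is None:
        return False
    common = _common_dir_of(git_dir)
    if common.parent not in trusted_roots:
        return False
    if common == git_dir:  # ordinary (non-linked) checkout: must be the root itself
        return worktree == common.parent
    # Linked worktree: git_dir must sit under <common>/worktrees/<name> and its
    # `gitdir` file must point back at this checkout's `.git` file.
    try:
        git_dir.relative_to(common / "worktrees")
    except ValueError:
        return False
    back_link = git_dir / "gitdir"
    if not back_link.is_file():
        return False
    return Path(back_link.read_text().strip()).resolve() == worktree / ".git"


def build_fixture(base: Path) -> Dict[str, Path]:
    """Constructed layouts: a trusted repo, its genuine linked worktree, and a
    clone whose `commondir` merely claims the trusted repo (no back link)."""
    trusted, wt, spoof = base / "trusted", base / "feature-wt", base / "untrusted-clone"
    main_git, spoof_git = trusted / ".git", spoof / ".git"
    wt_entry = main_git / "worktrees" / "feature-wt"
    for d in (main_git, wt, wt_entry, spoof_git):
        d.mkdir(parents=True)
    (main_git / "HEAD").write_text("ref: refs/heads/main\n")
    (wt / ".git").write_text(f"gitdir: {wt_entry}\n")        # forward link
    (wt_entry / "commondir").write_text("../..\n")            # to main .git
    (wt_entry / "gitdir").write_text(f"{wt / '.git'}\n")      # back link
    (spoof_git / "HEAD").write_text("ref: refs/heads/main\n")
    (spoof_git / "commondir").write_text(f"{main_git}\n")     # spoofed pointer
    return {"trusted": trusted, "worktree": wt, "spoof": spoof}


def demo() -> Dict[str, bool]:
    """Run both checks against the constructed layouts and report the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = build_fixture(Path(tmp).resolve())
        roots = {paths["trusted"].resolve()}
        return {
            "naive_spoof": naive_trust(paths["spoof"], roots),
            "verified_spoof": verified_trust(paths["spoof"], roots),
            "verified_worktree": verified_trust(paths["worktree"], roots),
            "verified_trusted": verified_trust(paths["trusted"], roots),
        }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The naive check accepts the spoofed clone because the only evidence it consults is under the attacker's control; the hardened check rejects it while still accepting the trusted root and its genuine linked worktree. The same principle applies to any trust cache: the decision must rest on state the untrusted input cannot write.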
Solution / Mitigation
Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.
Vulnerability Details
EPSS: 0.0%
April 24, 2026
Original source: https://github.com/advisories/GHSA-q5hj-mxqh-vv77
First tracked: April 24, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%