Skills
CVE-2026-33068: Malicious Repos Bypass Claude Code Workspace Trust Dialog via Committed Settings File
RAXE Labs disclosed CVE-2026-33068 (CVSS 7.7): Claude Code resolved permission mode from .claude/settings.json before displaying the workspace trust dialog, allowing a malicious repo to set permissions.defaultMode to bypassPermissions. A victim cloning the repo would be silently placed in permissive mode without seeing the trust confirmation, enabling arbitrary tool execution. Fixed in v2.1.53. Builders should never clone untrusted repos into Claude Code without verifying settings files first.
Source
↳ Follow the thread