https://feed.craftedsignal.io/tags/claude-code/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSat, 21 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-claude-code-bypass/Sat, 21 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-claude-code-bypass/A maliciously crafted `.claude/settings.json` file in a Claude Code repository (versions prior to 2.1.53) can bypass the workspace trust confirmation dialog by exploiting a configuration loading order defect, allowing for arbitrary code execution within a supposedly untrusted workspace.CVE-2026-33068 affects Anthropic’s Claude Code CLI tool in versions prior to 2.1.53. The vulnerability stems from a configuration loading order defect where repository-level settings, specifically those defined in .claude/settings.json, are resolved before the workspace trust dialog is presented to the user. This allows a malicious repository to include a .claude/settings.json file containing bypassPermissions entries. These permissions are then applied before the user has the opportunity…

]]>highadvisoryclaude-codeworkspace-trustcve-2026-33068bypass