{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33068/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["claude-code","workspace-trust","cve-2026-33068","bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33068 affects Anthropic\u0026rsquo;s Claude Code CLI tool in versions prior to 2.1.53. The vulnerability stems from a configuration loading order defect where repository-level settings, specifically those defined in \u003ccode\u003e.claude/settings.json\u003c/code\u003e, are resolved before the workspace trust dialog is presented to the user. This allows a malicious repository to include a \u003ccode\u003e.claude/settings.json\u003c/code\u003e file containing \u003ccode\u003ebypassPermissions\u003c/code\u003e entries. These permissions are then applied before the user has the opportunity…\u003c/p\u003e\n","date_modified":"2026-03-21T12:00:00Z","date_published":"2026-03-21T12:00:00Z","id":"/briefs/2026-03-claude-code-bypass/","summary":"A maliciously crafted `.claude/settings.json` file in a Claude Code repository (versions prior to 2.1.53) can bypass the workspace trust confirmation dialog by exploiting a configuration loading order defect, allowing for arbitrary code execution within a supposedly untrusted workspace.","title":"Claude Code Workspace Trust Dialog Bypass via Settings Loading Order (CVE-2026-33068)","url":"https://feed.craftedsignal.io/briefs/2026-03-claude-code-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33068","version":"https://jsonfeed.org/version/1.1"}