Lucene search
K

13 matches found

CVE
CVE
added 2026/06/29 2:4 p.m.48 views

CVE-2026-55607

CVE-2026-55607 affects Claude Code 2.1.38–2.1.163; worktree handling allowed creation of ".git" worktrees and navigation outside the sandbox, enabling git directory confusion. Exploit via symlink manipulation and git fsmonitor during worktree operations could overwrite home-dir files (e.g., .zshe...

8.8CVSS6.3AI score0.00765EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/29 2:4 p.m.35 views

CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS0.00765EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 2:4 p.m.4 views

CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.4AI score0.00765EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 9:16 p.m.53 views

CVE-2026-40068

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

8.8CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/05 8:52 p.m.10 views

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 8:52 p.m.69 views

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS0.00281EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 4:34 p.m.4 views

GHSA-Q5HJ-MXQH-VV77 Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...

7.7CVSS5.9AI score0.00281EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/24 4:34 p.m.36 views

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...

8.8CVSS5.6AI score0.00281EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.18 views

PT-2026-37099

Name of the Vulnerable Software and Affected Versions Claude Code versions 2.1.63 through 2.1.83 Description The folder trust determination logic fails to validate the contents of the git worktree commondir file. An attacker can craft a malicious repository with a commondir file pointing to a pat...

7.7CVSS5.9AI score0.00281EPSS
Exploits0References7
OSV
OSV
added 2025/11/19 5:55 a.m.4 views

MAL-2025-191158 Malicious code in CodeInKlingon.git-worktree-menu (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 68ef1fadb311fcf38b0a3d9f7e7845c12f201bfdab9556387e9a8b052cec8ee5 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

6.9AI score
Exploits0References1
RustSec
RustSec
added 2024/05/22 12:0 p.m.7 views

Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

5.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/07/25 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2022:2535-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.1AI score0.00782EPSS
Exploits0References5
Mageia
Mageia
added 2022/04/22 5:7 p.m.107 views

Updated git packages fix security vulnerability

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in /tmp, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs 'git status' or 'git diff' and navigating to a directory which ...

7.8CVSS0.9AI score0.00782EPSS
Exploits0References4
Rows per page
Query Builder