CVE-2026-40068

CVE-2026-40068 affects Claude Code versions 2.1.63–2.1.83. The vulnerability arises from trusting the git worktree commondir file without validating its contents, allowing a crafted repository to point to a previously trusted path. This could bypass the trust dialog and cause immediate execution ...

@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)

@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: OSV:GHSA-Q5HJ-MXQH-VV77...

1shot (>=0.0.1 <=0.0.9), @4via6/relay (>=1.0.0 <=1.2.0) +363 more potentially affected by CVE-2026-39861 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.63)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 - @arach/hooked =1.1.1 and more Source cves: CVE-2026-39861 Source advisory: OSV:GHSA-VP62-R36R-9XQP...

1shot (>=0.0.1 <=0.0.2), @4via6/relay (=1.2.0) +170 more potentially affected by CVE-2026-25724 via @anthropic-ai/claude-code (>=2.0.0 <=2.1.63)

@anthropic-ai/claude-code NPM version =2.0.0, =0.0.1, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.2.5, =4.10.0, =2.1.2, =0.3.0, =0.3.3, =0.3.0, =0.2.0, =0.3.5 and more Source cves: CVE-2026-25724 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15248353...