Claude Code Trust Dialog Bypass Vulnerability Leading to Arbitrary Code Execution
Vulnerability
A vulnerability in Claude Code versions 2.1.63 prior to 2.1.84 allows for arbitrary code execution by bypassing the application's trust confirmation dialog. This issue arises because the folder trust determination logic improperly uses the git worktree commondir file without validating its contents. An attacker can create a malicious repository with a commondir file directing to a previously trusted path, causing Claude Code to immediately execute hooks defined in .claude/settings.json. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, while the attacker must know or guess a trusted path.
Impact
Exploiting this vulnerability allows for arbitrary code execution by executing malicious hooks in the victim's Claude Code environment.
Remediation
Users on standard Claude Code auto-update have received this fix. Those performing manual updates should update to the latest version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.